search for: scontext

...og/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /var/log/audit/audit.log | audit2why type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0 ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1398199187.646:29333): avc:...

...o staff_u. When the user runs Brasero to burn a disk, the burn operation fails. /var/log/audit/audit.log contains the following: type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for pid=8296 comm="growisofs" name="devices" dev="proc" ino=4026532225 scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0 type=AVC msg=audit(1556724762.446:1133341): avc: denied { read } for pid=8296 comm="growisofs" name="meminfo" dev="proc" ino=4026532040 scontext=staff_u:staff_r:c...

...d -q never When I restarts smartd next messages appears in audit.log: [root at srv-1.home ~]# tail -F /var/log/audit/audit.log | grep type=AVC type=AVC msg=audit(1357993548.964:8529): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdc" dev=devtmpfs ino=6327 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c281,c675 tclass=blk_file type=AVC msg=audit(1357993548.965:8530): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdd" dev=devtmpfs ino=6321 scontext=unconfined_u:system_r:fsdaemon...

...ally after the system has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:10): avc: denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs ino=1396 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:pppd_t:s0 tclass=fd May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:11): avc: denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs ino=1396 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:s...

...new modules until you confirm that you've > found one (or a minimal combination) of rules that is causing dovecot > to crash and log a backtrace. Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1 type=AVC msg=audit(1493361695.041:49205): avc: denied { siginh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:po...

...rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file audit(1156518721.280:5): avc: denied { append } for pid=2224 comm=" syslogd" name="messages" dev=dm-3 ino=38 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file audit(115651...

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When i turn to permisive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159 comm="sendmail" capability=7 scontext=root:system_r:ht tpd_sys_script_t tcontext=root:system_r:htt...

...ot 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3 > > > [root at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid...

On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need

...type=NETFILTER_CFG msg=audit(1365403596.177:4507): table=nat family=2 entries=60 type=NETFILTER_CFG msg=audit(1365403596.177:4508): table=nat family=2 entries=61 type=AVC msg=audit(1365403606.017:4509): avc: denied { dac_override } for pid=8944 comm="qemu-system-ppc" capability=1 scontext=system_u:system_r:svirt_t:s0:c574,c809 tcontext=system_u:system_r:svirt_t:s0:c574,c809 tclass=capability type=AVC msg=audit(1365403606.017:4510): avc: denied { dac_read_search } for pid=8944 comm="qemu-system-ppc" capability=2 scontext=system_u:system_r:svirt_t:s0:c574,c809 tcontex...

...[FAILED] Starting kernel logger: [ OK ] and in dmesg centos report me that: audit(1163775960.711:5): avc: denied { read } for pid=4325 comm="syslogd" name="libc.so.6" dev=dm-0 ino=4562290 scontext=root:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=lnk_file audit(1163775960.711:6): avc: denied { read } for pid=4325 comm="syslogd" name="libc.so.6" dev=dm-0 ino=4562290 scontext=root:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=lnk_file audit(1...

...erver21 named[5101]: loading configuration from '/etc/named.conf' Aug 15 14:09:46 devserver21 named: named reload succeeded Aug 15 14:09:46 devserver21 kernel: audit(1250359786.568:31): avc: denied { write } for pid=5103 comm="named" name="named" dev=dm-0 ino=28148843 scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir Aug 15 14:09:46 devserver21 kernel: audit(1250359786.568:32): avc: denied { add_name } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_...

...targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted But during the boot i see selinux warnings and some software wan't start correctly: audit(1173699978.909:2): avc: denied { name_bind } for pid=2407 comm="piranha_gui" src=3636 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket audit(1173699978.943:3): avc: denied { append } for pid=2407 comm="piranha_gui" name="piranha-gui" dev=dm-0 ino=2338608 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:var_log_t tclass...

...8.0-193.6.3.e Fri Jul 24 13:33 - 15:27 (01:54) reboot system boot 4.18.0-193.6.3.e Fri Jul 24 01:20 - 13:33 (12:13) # ausearch -m avc --start today ---- time->Fri Jul 24 01:20:08 2020 type=AVC msg=audit(1595546408.754:28): avc: denied { remount } for pid=952 comm="(ostnamed)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:httpd_var_run_t:s0 tclass=filesystem permissive=0 ---- time->Fri Jul 24 13:34:04 2020 type=AVC msg=audit(1595590444.080:29): avc: denied { remount } for pid=1020 comm="(ostnamed)" scontext=system_u:system_r:init_t:s0 tcontext=...

...in vm03 /var/log/messages got filled with the following messages: stem_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=capability Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2139): avc: denied { sys_resource } for pid=2445 comm="xenstored" capability=24 scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=capability Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2140): avc: denied { sys_resource } for pid=2445 comm="xenstored" capability=24 scontext=system_u:system_r:xenstored_t:s0 tcontext=system...

...t suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pid=19418 comm=sendmail capability=setgid scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64 syscall=open success=yes exit=7 a0=0x7ffd1659ec70 a1=O_RDONLY a2=0x0 a3=0x9 items=0 ppid=27605 pid=27633 auid=unset uid=lig...

...msg02443.html and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still can't start httpd. Not sure what to make of the audit log: type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsu...

...essages, of the form: Oct 13 17:02:56 dblinux1 kernel: SELinux: initialized (dev configfs, type configfs), not configured for labeling Oct 13 17:02:56 dblinux1 kernel: audit(1129237376.191:5): avc: denied { mount } for pid=14922 comm="mount" name="/" dev=configfs ino=70286 scontext=root:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem Also have some errors of form: Oct 13 18:03:49 dblinux1 dbus: Can't send to audit system: USER_AVC pid=2587 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tconte...

...in enforcing mode on Server, the commands fail with this message : bash: /usr/bin/xauth: Permission denied and /var/log/audit/audit.log shows the following errors : type=SELINUX_ERR msg=audit(1326381080.364:610): security_compute_sid: invalid context system_u:system_r:xauth_t:s0-s0:c0.c1023 for scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process type=AVC msg=audit(1326381080.364:610): avc: denied { write } for pid=3487 comm="xauth" path="pipe:[21744]" dev=pipefs ino=21744 scontext=system_u:system_r:xauth_t:s0-s0:c...