07-03-2012, 03:27 PM
Paul Howarth

Rawhide SELinux issues

I have a Rawhide VM on which I'm seeing some strange issues.

Firstly, I'm getting some AVCs that I don't understand and can't get rid
of using audit2allow:


type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for
pid=537 comm="sssd_nss" capability=36
scontext=system_u:system_r:sssd_t:s0
tcontext=system_u:system_r:sssd_t:s0 tclass=capability2


(audit2allow doesn't output anything for this)

Secondly, I'm seeing denials for kernel_dgram_send for a wide variety of
domains:


kernel_dgram_send(NetworkManager_t)
kernel_dgram_send(audisp_t)
kernel_dgram_send(auditd_t)
kernel_dgram_send(avahi_t)
kernel_dgram_send(chronyd_t)
kernel_dgram_send(dhcpc_t)
kernel_dgram_send(dnsmasq_t)
kernel_dgram_send(ftpd_t)
kernel_dgram_send(modemmanager_t)
kernel_dgram_send(nfsd_t)
kernel_dgram_send(rpcd_t)
kernel_dgram_send(sendmail_t)
kernel_dgram_send(setroubleshootd_t)
kernel_dgram_send(smf_spf_milter_t)
kernel_dgram_send(sshd_t)
kernel_dgram_send(sssd_t)
kernel_dgram_send(system_dbusd_t)
kernel_dgram_send(systemd_tmpfiles_t)

Is this something that needs adding to a basic domain template? Or
should I not be getting these?


Paul.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
07-03-2012, 04:46 PM
Miroslav Grepl

Rawhide SELinux issues

On 07/03/2012 05:27 PM, Paul Howarth wrote:

> I have a Rawhide VM on which I'm seeing some strange issues.
>
> Firstly, I'm getting some AVCs that I don't understand and can't get
> rid of using audit2allow:
>
> type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for
> pid=537 comm="sssd_nss" capability=36
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:system_r:sssd_t:s0 tclass=capability2
>
> (audit2allow doesn't output anything for this)
>
> Secondly, I'm seeing denials for kernel_dgram_send for a wide variety
> of domains:
>
> kernel_dgram_send(NetworkManager_t)
> kernel_dgram_send(audisp_t)
> kernel_dgram_send(auditd_t)
> kernel_dgram_send(avahi_t)
> kernel_dgram_send(chronyd_t)
> kernel_dgram_send(dhcpc_t)
> kernel_dgram_send(dnsmasq_t)
> kernel_dgram_send(ftpd_t)
> kernel_dgram_send(modemmanager_t)
> kernel_dgram_send(nfsd_t)
> kernel_dgram_send(rpcd_t)
> kernel_dgram_send(sendmail_t)
> kernel_dgram_send(setroubleshootd_t)
> kernel_dgram_send(smf_spf_milter_t)
> kernel_dgram_send(sshd_t)
> kernel_dgram_send(sssd_t)
> kernel_dgram_send(system_dbusd_t)
> kernel_dgram_send(systemd_tmpfiles_t)
>
> Is this something that needs adding to a basic domain template? Or
> should I not be getting these?

This is a systemd/dracut issue. A bug is opened.

> Paul.
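Added example, not part of the original thread: a small parser for the AVC record in the first post. The kernel prints a permission as a raw hex bit when the loaded policy defines no name for it, and in class capability2 each bit is the capability number minus 32, so `{ 0x10 }` is bit 4, which matches the record's own `capability=36`. The function names and the name table are this example's own; the capability names are taken from linux/capability.h.

```python
import re

# Capability numbers 32 and up, from linux/capability.h. SELinux checks
# these in class "capability2", one bit per capability, bit = number - 32.
CAP_NAMES = {32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN", 34: "CAP_SYSLOG",
             35: "CAP_WAKE_ALARM", 36: "CAP_BLOCK_SUSPEND", 37: "CAP_AUDIT_READ"}
CLASS_BASE = {"capability": 0, "capability2": 32}
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")

# The denial from the first post, wrapped the way the mail was wrapped.
SAMPLE = """type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for
pid=537 comm="sssd_nss" capability=36
scontext=system_u:system_r:sssd_t:s0
tcontext=system_u:system_r:sssd_t:s0 tclass=capability2"""

def parse_avc(record):
    """Parse one AVC denial (possibly wrapped over lines) into a dict."""
    m = AVC_RE.search(" ".join(record.split()))  # undo mail line wrapping
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    fields = {k: v.strip('"') for k, v in fields.items()}
    fields["perms"] = m.group("perms").split()
    return fields

def decode_unnamed(avc):
    """Map hex permission bits (no name in the policy) to capabilities."""
    base = CLASS_BASE.get(avc.get("tclass"))
    found = []
    for perm in avc["perms"]:
        if base is None or not perm.startswith("0x"):
            continue  # named permission, or not a capability class
        mask = int(perm, 16)
        for bit in range(32):
            if mask & (1 << bit):
                cap = base + bit
                found.append((cap, CAP_NAMES.get(cap, "cap%d" % cap)))
    return found

def consistent(avc):
    """True when the decoded bits agree with the record's capability= field."""
    return [cap for cap, _ in decode_unnamed(avc)] == [int(avc["capability"])]

if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(avc["comm"], avc["tclass"], decode_unnamed(avc), consistent(avc))
```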