I have a Rawhide VM on which I'm seeing some strange issues.
Firstly, I'm getting some AVCs that I don't understand and can't get rid of using audit2allow:
type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for pid=537 comm="sssd_nss" capability=36 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=capability2
(audit2allow doesn't output anything for this)
Secondly, I'm seeing denials for kernel_dgram_send for a wide variety of domains:
kernel_dgram_send(NetworkManager_t)
kernel_dgram_send(audisp_t)
kernel_dgram_send(auditd_t)
kernel_dgram_send(avahi_t)
kernel_dgram_send(chronyd_t)
kernel_dgram_send(dhcpc_t)
kernel_dgram_send(dnsmasq_t)
kernel_dgram_send(ftpd_t)
kernel_dgram_send(modemmanager_t)
kernel_dgram_send(nfsd_t)
kernel_dgram_send(rpcd_t)
kernel_dgram_send(sendmail_t)
kernel_dgram_send(setroubleshootd_t)
kernel_dgram_send(smf_spf_milter_t)
kernel_dgram_send(sshd_t)
kernel_dgram_send(sssd_t)
kernel_dgram_send(system_dbusd_t)
kernel_dgram_send(systemd_tmpfiles_t)
Is this something that needs adding to a basic domain template? Or should I not be getting these?
Paul.
On 07/03/2012 05:27 PM, Paul Howarth wrote:
> I have a Rawhide VM on which I'm seeing some strange issues.
> Firstly, I'm getting some AVCs that I don't understand and can't get rid of using audit2allow:
> type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for pid=537 comm="sssd_nss" capability=36 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=capability2
> (audit2allow doesn't output anything for this)
> Secondly, I'm seeing denials for kernel_dgram_send for a wide variety of domains:
> kernel_dgram_send(NetworkManager_t)
> kernel_dgram_send(audisp_t)
> kernel_dgram_send(auditd_t)
> kernel_dgram_send(avahi_t)
> kernel_dgram_send(chronyd_t)
> kernel_dgram_send(dhcpc_t)
> kernel_dgram_send(dnsmasq_t)
> kernel_dgram_send(ftpd_t)
> kernel_dgram_send(modemmanager_t)
> kernel_dgram_send(nfsd_t)
> kernel_dgram_send(rpcd_t)
> kernel_dgram_send(sendmail_t)
> kernel_dgram_send(setroubleshootd_t)
> kernel_dgram_send(smf_spf_milter_t)
> kernel_dgram_send(sshd_t)
> kernel_dgram_send(sssd_t)
> kernel_dgram_send(system_dbusd_t)
> kernel_dgram_send(systemd_tmpfiles_t)
> Is this something that needs adding to a basic domain template? Or should I not be getting these?
This is a systemd/dracut issue. A bug is opened.
> Paul.
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
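Added example, not part of the original thread: a small decoder for the kind of AVC record quoted above, where the permission is logged as a raw bit mask (`{ 0x10 }`) instead of a name. It assumes the standard layout in which class `capability` covers capability numbers 0-31 and `capability2` covers 32-63, with names taken from `linux/capability.h`; `decode_avc` and the table names are hypothetical.

```python
import re

# Capabilities 32 and up (linux/capability.h, CAP_ prefix dropped, lowercased).
# SELinux checks 0-31 in class "capability" and 32-63 in "capability2".
HIGH_CAPS = {32: "mac_override", 33: "mac_admin", 34: "syslog",
             35: "wake_alarm", 36: "block_suspend", 37: "audit_read"}
CLASS_BASE = {"capability": 0, "capability2": 32}

# The AVC record quoted in the thread.
PAGE_AVC = ('type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for '
            'pid=537 comm="sssd_nss" capability=36 '
            'scontext=system_u:system_r:sssd_t:s0 '
            'tcontext=system_u:system_r:sssd_t:s0 tclass=capability2')

def decode_avc(line):
    """Decode raw hex permission bits in a capability-class AVC denial."""
    perms = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    tclass = re.search(r"\btclass=(\S+)", line)
    if not perms or not tclass:
        return None
    base = CLASS_BASE.get(tclass.group(1))
    caps = []
    for token in perms.group(1).split():
        if base is None or not token.lower().startswith("0x"):
            continue  # already a named permission, or not a capability class
        mask = int(token, 16)
        caps += [base + bit for bit in range(32) if mask >> bit & 1]
    field = re.search(r"\bcapability=(\d+)", line)
    return {
        "tclass": tclass.group(1),
        "caps": caps,
        "names": [HIGH_CAPS.get(c, "capability_%d" % c) for c in caps],
        # The kernel also logs the capability number; it should agree.
        "matches_field": field is not None and [int(field.group(1))] == caps,
    }

if __name__ == "__main__":
    print(decode_avc(PAGE_AVC))
```

For the record in the thread, bit 4 of the mask in class `capability2` is capability 36, which agrees with the `capability=36` field in the same line.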