hi guys.
I get lots of:
Jun 10 16:34:03 dzien.private.lot setroubleshoot[489537]: SELinux is preventing /usr/sbin/unix_chkpwd from getattr access on the filesystem /proc. For complete SELinux messages run: sealert -l 0e04b2ea-b63d-481f-9633-e0bf0530e7ba
and I yet do not know from what and before I start investigation I wanted to ask if that is indeed a "valid" denial? ... Additional Information: Source Context system_u:system_r:chkpwd_t:s0 Target Context system_u:object_r:proc_t:s0 Target Objects /proc [ filesystem ] Source unix_chkpwd Source Path /usr/sbin/unix_chkpwd Port <Unknown> Host dzien.private.lot Source RPM Packages pam-1.3.1-15.el8.x86_64 Target RPM Packages filesystem-3.8-4.el8.0.1.x86_64 SELinux Policy RPM selinux-policy-targeted-3.14.3-68.el8.noarch Local Policy RPM selinux-policy-targeted-3.14.3-68.el8.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name dzien.private.lot Platform Linux dzien.private.lot 4.18.0-305.3.1.el8.x86_64 #1 SMP Tue Jun 1 16:14:33 UTC 2021 x86_64 x86_64 Alert Count 1988 First Seen 2021-06-09 09:50:01 BST Last Seen 2021-06-10 16:32:01 BST Local ID 87f481c4-e4dd-4b77-80c5-52a898760061
Raw Audit Messages type=AVC msg=audit(1623339121.659:34011): avc: denied { getattr } for pid=487286 comm="unix_chkpwd" name="/" dev="proc" ino=1 scontext=system_u:system_r:chkpwd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0
type=SYSCALL msg=audit(1623339121.659:34011): arch=x86_64 syscall=fstatfs success=no exit=EACCES a0=3 a1=7ffe61eee320 a2=0 a3=0 items=0 ppid=487285 pid=487286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=unix_chkpwd exe=/usr/sbin/unix_chkpwd subj=system_u:system_r:chkpwd_t:s0 key=(null)
Hash: unix_chkpwd,chkpwd_t,proc_t,filesystem,getattr ...
many thanks, L.