Re: SELinux alert

>
> On 2022-07-12 01:02, Patrick Dupre wrote:
> > I do not know how to deal with this issue in fc34 and fc36.
> >
> > SELinux security alert recommends the following:
> >
> > You need to change the label on /var/usermin/miniserv.pid
> > # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid'
> > where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t,
> > etc...
> > a long list of FILE_TYPE
> >
> > Which one should I choose?
>
> That doesn't appear to be an application that comes from a Fedora
> package.  Where did you get it from?  You should probably ask them about it.
You are right, it comes from usermin

>
> Also, what is the full message you received?  You don't need to include
> the entire FILE_TYPE list.


You need to change the label on /var/usermin/miniserv.pid
# semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid'
where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t,
......
zoneminder_var_run_t, zos_remote_exec_t.
Then execute:
restorecon -v '/var/usermin/miniserv.pid'


The other recommendation is

SELinux is preventing systemd from read access on the file /var/usermin/miniserv.pid.

Plugin: catchall
 SELinux denied access requested by systemd. It is not expected that this access
is required by systemd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

If you believe that systemd should be allowed read access on the miniserv.pid file by default.
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'systemd' --raw | audit2allow -M my-systemd
# semodule -X 300 -i my-systemd.pp

But running
ausearch -c 'systemd' --raw | audit2allow -M my-systemd
and
semodule -X 300 -i my-systemd.pp

does not help.