Re: CentOS 7 selinux policy bug




What is your environment set up for? Is this just straight out of the box, or have you hardened the systems any?


-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Earl A Ramirez
Sent: Friday, May 29, 2015 10:53 AM
To: CentOS mailing list
Subject: Re:  CentOS 7 selinux policy bug

On 29 May 2015 at 16:27, <m.roth@xxxxxxxxx> wrote:

> Hi, folks,
>
>    CentOS 7.1. Selinux policy, and targeted, updated two days ago.
>
> May 28 17:02:41 <servername> python: SELinux is preventing 
> /usr/bin/bash from execute access on the file 
> /usr/bin/bash.#012#012***** <...> May 28 17:02:45 <servername> python: 
> SELinux is preventing /usr/bin/bash from execute access on the file 
> /usr/bin/uname.#012#012*****  <...> May 28
> 17:02:45 <servername> python: SELinux is preventing /usr/bin/uname 
> from execute_no_trans access on the file /usr/bin/uname.#012#012***** 
> <...> May 28 17:02:47 <servername> python: SELinux is preventing 
> /usr/bin/bash from execute access on the file 
> /usr/bin/mailx.#012#012*****  <...>
>
> I did do an ll -Z /usr/bin, and everything looks correct
> (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug.
> No? Yes? File a bug report?
>
>         mark
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

I saw the same behaviour this morning, however the labels changed to "unlabelled" for a number of programs; e.g. /etc/ssh/sshd_config, /etc/shadow, /etc/pam/* and a few others. I saw this after I was not able to log in to my laptop; I logged in to single-user mode, saw tonnes of SELinux errors, changed it from enforcing to permissive, and then I was able to restore the labels.

Most certainly believe it's a bug.


--
Kind Regards
Earl Ramirez
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos