> In my audit logs I found this entry:
>
> type=AVC msg=audit(1434769414.956:562): avc: denied { open } for
> pid=3558 comm="ruby"
> path="/etc/puppet/environments/production/modules/bacula/files/monitor1/monitor1.mydomain.com.crt"
> dev="vda1" ino=1842005 scontext=system_u:system_r:passenger_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=file

Knowing nothing of your scenario, look at the source and target context.
Looks like you copied a crt from an NFS location and you don't have a file context defined to transition labels, maybe something like:

    semanage fcontext -a -t passenger_t "/etc/puppet/environments(/.*)?"

However, I know nothing of Puppet's SELinux infrastructure; you may need a more applicable type.

In these cases, audit2allow can't possibly guess the right thing and will certainly produce a rule that is either unsafe or simply wrong.

jlc
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
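
The reply's advice to read the source and target context first, shown as an added example that is not part of the original message: a small parser for the quoted AVC record that separates the two contexts and flags a target label that looks inherited rather than assigned by a file-context rule. The `INHERITED_TYPES` list and the `triage` categories are assumptions made for illustration.

```python
import re
import shlex

# The AVC record quoted in the message above.
AVC = ('type=AVC msg=audit(1434769414.956:562): avc: denied { open } for '
       'pid=3558 comm="ruby" path="/etc/puppet/environments/production/modules/'
       'bacula/files/monitor1/monitor1.mydomain.com.crt" dev="vda1" ino=1842005 '
       'scontext=system_u:system_r:passenger_t:s0 '
       'tcontext=system_u:object_r:nfs_t:s0 tclass=file')

# Assumption (illustrative, not exhaustive): types a file gets from the
# filesystem or from missing labels rather than from a file-context rule.
INHERITED_TYPES = {"nfs_t", "cifs_t", "default_t", "unlabeled_t", "file_t"}

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    user, role, setype, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "level": level[0] if level else None}

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$", line)
    if not m:
        return None
    # shlex strips the quotes around values such as comm="ruby" and path="...".
    fields = dict(t.split("=", 1) for t in shlex.split(m.group(3)) if "=" in t)
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "path": fields.get("path"),
        "tclass": fields.get("tclass"),
        "source": split_context(fields["scontext"]),
        "target": split_context(fields["tcontext"]),
    }

def triage(line):
    """Hypothetical triage: is this a labeling problem or a policy question?"""
    avc = parse_avc(line)
    if avc is None:
        return "not-avc"
    if avc["path"] and avc["target"]["type"] in INHERITED_TYPES:
        return "relabel-target"  # fix the file's label instead of allowing access
    return "review-policy"

if __name__ == "__main__":
    avc = parse_avc(AVC)
    print(avc["source"]["type"], "->", avc["target"]["type"], avc["perms"])
    print(avc["path"], "=>", triage(AVC))
```

A `relabel-target` result means the file's label is the thing to correct (a file-context rule followed by a relabel), which is the case where an audit2allow rule would grant the domain access to every file carrying the inherited type.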