On Sun, Aug 21, 2022 at 5:21 PM Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Since July 6, I've been seeing a lot of AVC's though I've not changed anything in my policies. Any ideas why?
> The majority seem to be device_t:sock_file write which implies to me that it's a macro that's missing in the base policies.
The denials rather indicate some problem on your filesystem. Are you aware of any recent changes?
> [root@mail mail]# ausearch -m avc | audit2allow
> #============= antivirus_t ==============
> allow antivirus_t device_t:sock_file write;
...trimmed
Just guessing, but try to execute the following command to display incorrect labels:
# restorecon -Rvn /run/systemd/journal
or even (which can take a long time)
# restorecon -Rvn /
To troubleshoot further, show currently mounted filesystems, installed selinux-policy packages, and enable full auditing:
# mount | grep tmpfs
# rpm -qa "selinux-policy*"
1) Open the /etc/audit/rules.d/audit.rules file in an editor.
2) Remove the following line if it exists:
-a task,never
3) Add the following line to the end of the file:
-w /etc/shadow -p w
4) Restart the audit daemon:
# service auditd restart
5) Re-run your scenario.
6) Collect AVC denials:
# ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
> And this may or may not be related, but I'm also getting a lot of ssh dropped connections:
> ssh_dispatch_run_fatal: Connection to 192.168.4.3 port 22: message authentication code incorrect
This cannot be assessed without any data.
--
Zdenek Pytela
Security SELinux team
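
The triage suggested in the reply above (check labels before writing allow rules), as an added example that is not part of the original message: it groups AVC denials by source type, target type, class and permission, and lists objects whose target type is a generic fallback so they can be checked with `restorecon -n` first. The sample records, the function names and the `GENERIC_TYPES` set are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample records in raw audit.log AVC format (not data from the thread).
_T = ('type=AVC msg=audit(1661100000.{n}:{n}): avc:  denied  {{ {perm} }} for  pid=9{n} '
      'comm="{comm}" name="{name}" dev="{dev}" ino=14{n} scontext=system_u:system_r:{s}:s0 '
      'tcontext=system_u:object_r:{t}:s0 tclass={cls} permissive=0')
SAMPLE = "\n".join(_T.format(n=n, perm=p, comm=c, name=nm, dev=d, s=s, t=t, cls=k)
                   for n, p, c, nm, d, s, t, k in [
    (11, "write", "clamd", "dev-log", "tmpfs", "antivirus_t", "device_t", "sock_file"),
    (12, "write", "clamd", "dev-log", "tmpfs", "antivirus_t", "device_t", "sock_file"),
    (13, "write", "spamd", "dev-log", "tmpfs", "spamd_t", "device_t", "sock_file"),
    (14, "read", "httpd", "index.html", "dm-0", "httpd_t", "user_home_t", "file"),
])

# Assumption: target types that usually mean "no specific label was applied" rather
# than "the policy lacks a rule"; adjust the set for the local policy.
GENERIC_TYPES = {"device_t", "unlabeled_t", "default_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')
FIELD_RE = re.compile(r'\b(name|dev|comm)="([^"]*)"')

def parse_avc(text):
    """Yield one dict per (denial record, permission); non-AVC lines are skipped."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = dict(FIELD_RE.findall(line))
        for perm in m["perms"].split():
            # A context is user:role:type[:level]; the type is the third field.
            yield {"source": m["s"].split(":")[2], "target": m["t"].split(":")[2],
                   "tclass": m["cls"], "perm": perm, **fields}

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    return Counter((r["source"], r["target"], r["tclass"], r["perm"])
                   for r in parse_avc(text))

def relabel_candidates(text):
    """Objects denied under a generic target type: inspect their labels first."""
    return sorted({(r.get("name", "?"), r.get("dev", "?"), r["target"])
                   for r in parse_avc(text) if r["target"] in GENERIC_TYPES})

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
    for cand in relabel_candidates(SAMPLE):
        print("check label:", *cand)
```

On a real host the input would be the text produced by `ausearch -m avc --raw` instead of `SAMPLE`.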