PS: Is there any way to configure SELinux/auditd to use regular dates,
as syslogd does?
Stop looking at audit logs directly. (I'll leave the policy questions
to the policy people, sorry)
ausearch -m AVC -i
Very cool, thanks! One other outstanding suggestion I received was
the RPM pkg 'setroubleshoot'. It does a mind blowing / amazing job of
taking AVC error messages and explaining to you exactly what they mean
and suggested actions. Not only does it help troubleshooting, but it
helps to better understand SELinux in general. Now only if there was
such a utility for the rest of Linux logging (dmesg anyone? :).
Thanks!
lance
Summary
SELinux is preventing /usr/sbin/named (named_t) "getattr" access to
/dev/random (tmpfs_t).
Detailed Description
SELinux denied access requested by /usr/sbin/named. It is not expected that
this access is required by /usr/sbin/named and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.
Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
package.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /dev/random,
restorecon -v /dev/random.
There is currently no automatic way to allow this access. Instead, you can
generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 - or you can
disable SELinux protection entirely for the application. Disabling SELinux
protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Changing the "named_disable_trans" boolean to true will disable SELinux
protection this application: "setsebool -P named_disable_trans=1."
The following command will allow this access:
setsebool -P named_disable_trans=1
Additional Information
Source Context user_u:system_r:named_t
Target Context system_u:object_r:tmpfs_t
Target Objects /dev/random [ chr_file ]
Affected RPM Packages
Policy RPM
Selinux Enabled
Policy Type
MLS Enabled
Enforcing Mode
Plugin Name plugins.disable_trans
Host Name
Platform
Alert Count 1
Line Numbers 1689,1690
Raw Audit Messages
avc: denied { getattr } for comm="named" dev=sdb1 egid=25 euid=25
exe="/usr/sbin/named" exit=-13 fsgid=25 fsuid=25 gid=25 items=0
path="/dev/random" pid=10791 scontext=user_u:system_r:named_t:s0 sgid=25
subj=user_u:system_r:named_t:s0 suid=25 tclass=chr_file
tcontext=system_u:object_r:tmpfs_t:s0 tty=(none) uid=25
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
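
An added example, not part of the original thread and not the code of ausearch or setroubleshoot: a small parser that does for a raw AVC record what the thread asks for, turning the `audit(epoch.millis:serial)` stamp into a regular date and reducing the denial to one readable line. The sample line is constructed from the field values quoted above with a made-up timestamp, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample in raw audit.log layout. Field values are the ones quoted in
# the post; the audit(...) timestamp and serial number are made up.
SAMPLE = (
    'type=AVC msg=audit(1162384496.123:1689): avc:  denied  { getattr } for  '
    'pid=10791 comm="named" path="/dev/random" dev=sdb1 '
    'scontext=user_u:system_r:named_t:s0 '
    'tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file'
)

STAMP = re.compile(r'msg=audit\((\d+)\.(\d+):(\d+)\)')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
STRING_FIELDS = {'comm', 'path', 'name', 'exe'}  # may be hex-encoded by audit


def decode(key, value):
    """Unquote a value; undo the hex encoding audit uses for unsafe strings."""
    if value.startswith('"'):
        return value.strip('"')
    if key in STRING_FIELDS and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value


def parse_avc(line):
    """Return one AVC record as a dict, or None if the line is not an AVC."""
    stamp, avc = STAMP.search(line), AVC.search(line)
    if not (stamp and avc):
        return None
    rec = {k: decode(k, v) for k, v in FIELD.findall(line[avc.end():])}
    secs, millis, serial = stamp.groups()
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    rec['time'] = f'{when:%Y-%m-%d %H:%M:%S}.{millis} UTC'
    rec['serial'] = int(serial)
    rec['result'], rec['perms'] = avc.group(1), avc.group(2).split()
    return rec


def summarize(rec):
    """One readable line: when, who (domain), what, on which object (type)."""
    src, tgt = (rec[c].split(':')[2] for c in ('scontext', 'tcontext'))
    obj = rec.get('path') or rec.get('name') or '?'
    return (f"{rec['time']} {rec['result']} {rec.get('comm', '?')} ({src}) "
            f"{{ {' '.join(rec['perms'])} }} on {obj} ({tgt}, {rec['tclass']})")


if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```

On a live system `ausearch -m AVC -i` remains the supported way to get this view; the sketch only shows which fields of the record carry the date, the source domain and the target type.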