Paul Howarth wrote:
Having installed the latest bunch of Fedora 8 updates this morning,
which included selinux-policy and setroubleshoot, I'm getting these
denials:
type=AVC msg=audit(1204275163.032:209): avc: denied { connectto } for
pid=26345 comm="setroubleshootd" path="/var/run/audispd_events"
scontext=unconfined_u:system_r:setroubleshootd_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1204275171.133:210): avc: denied { read } for
pid=26379 comm="setroubleshootd" name=".rpmmacros" dev=0:15 ino=6331637
scontext=unconfined_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=file
The first one looks like a policy issue but I can't fathom why
setroubleshootd would be trying access ~/.rpmmacros for the second one.
Following a reboot, the socket /var/run/audispd_events changed from
auditd_t to audisp_var_run_t and there are no more AVCs for this. I
tried a restorecon before the reboot but that didn't do anything, which
is strange given that policy does indeed specify context:
# semanage fcontext -l | grep audisp
/sbin/audispd regular file
system_u:object_r:audisp_exec_t:s0
/sbin/audisp-prelude regular file
system_u:object_r:audisp_prelude_exec_t:s0
/var/run/audispd_events socket
system_u:object_r:audisp_var_run_t:s0
Perhaps that was finger trouble?
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
