|
Hi, On a fully updated CentOS 5.7 box I get the following AVC Summary: SELinux is preventing unix_update (updpwd_t) "getattr" to / (fs_t). Detailed Description: SELinux denied access requested by unix_update. It is not expected that this access is required by unix_update and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:updpwd_t Target Context system_u:object_r:fs_t Target Objects / [ filesystem ] Source unix_update Source Path <Unknown> Port <Unknown> Host a.b.c.d Source RPM Packages Target RPM Packages filesystem-2.4.0-3.el5.centos Policy RPM selinux-policy-2.4.6-316.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name a.b.c.d Platform Linuxl a.b.c.d 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64 Alert Count 11 First Seen Fri Feb 25 15:39:33 2011 Last Seen Mon Sep 26 14:18:54 2011 Local ID 275eef01-114a-419b-9df0-4bb81932bc5e Line Numbers Raw Audit Messages host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5 ino=2 scontext=system_u:system_r:updpwd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem I can generate a local policy module. Thanks, Tony |
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
