I have a Rawhide VM on which I'm seeing some strange issues.
Firstly, I'm getting some AVCs that I don't understand and can't get rid
of using audit2allow:
type=AVC msg=audit(1341327661.200:69): avc: denied { 0x10 } for
pid=537 comm="sssd_nss" capability=36
scontext=system_u:system_r:sssd_t:s0
tcontext=system_u:system_r:sssd_t:s0 tclass=capability2
(audit2allow doesn't output anything for this)
Secondly, I'm seeing denials for kernel_dgram_send for a wide variety of
domains:
kernel_dgram_send(NetworkManager_t)
kernel_dgram_send(audisp_t)
kernel_dgram_send(auditd_t)
kernel_dgram_send(avahi_t)
kernel_dgram_send(chronyd_t)
kernel_dgram_send(dhcpc_t)
kernel_dgram_send(dnsmasq_t)
kernel_dgram_send(ftpd_t)
kernel_dgram_send(modemmanager_t)
kernel_dgram_send(nfsd_t)
kernel_dgram_send(rpcd_t)
kernel_dgram_send(sendmail_t)
kernel_dgram_send(setroubleshootd_t)
kernel_dgram_send(smf_spf_milter_t)
kernel_dgram_send(sshd_t)
kernel_dgram_send(sssd_t)
kernel_dgram_send(system_dbusd_t)
kernel_dgram_send(systemd_tmpfiles_t)
Is this something that needs adding to a basic domain template? Or
should I not be getting these?
Paul.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux