restorecon -R -v /etc/hosts

Would fix this issue.

On 05/28/2014 06:36 AM, Miroslav Grepl wrote:
> On 05/28/2014 12:24 AM, Emmett Culley wrote:
>> On 05/22/2014 10:31 PM, Miroslav Grepl wrote:
>>> On 05/22/2014 06:35 PM, Emmett Culley wrote:
>>>> I am continually getting getattr and read AVC errors. From my
>>>> research, I believe it is because my hosts file gets modified each
>>>> time I VPN into my work network.
>>>>
>>>> I cause the host names and IP addresses that are part of the
>>>> internal work network to be appended to the hosts file upon the VPN
>>>> connection and then restore the original hosts file upon
>>>> disconnection.
>>>>
>>>> I have tried restorecon /etc/hosts, but I still get the warnings.
>>>> I have also done the mypol fixes suggested in the troubleshooting
>>>> dialog's details page. Nothing I do resolves this issue.
>>>>
>>>> How can I prevent these AVC errors? Or at least properly modify my
>>>> hosts file (and possibly others) the SELinux way?
>>>>
>>>> Emmett
>>>> --
>>>> selinux mailing list
>>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> What AVC message are you getting?
>>>
>>> What OS?
>>>
>>> Regards,
>>> Miroslav
>>>
>> Linux (Fedora 20)
>>
>> type=AVC msg=audit(1401200342.155:473): avc: denied { read } for
>> pid=5501 comm="httpd" name="hosts" dev="dm-0" ino=270007
>> scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
>>
>> AND
>>
>> type=AVC msg=audit(1401195880.487:401): avc: denied { getattr }
>> for pid=1064 comm="chronyd" path="/etc/hosts" dev="dm-0" ino=270007
>> scontext=system_u:system_r:chronyd_t:s0
>> tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
>>
>>
>> type=SYSCALL msg=audit(1401195880.487:401): arch=x86_64 syscall=fstat
>> success=yes exit=0 a0=4 a1=7fff126bb590 a2=7fff126bb590 a3=0 items=0
>> ppid=1 pid=1064 auid=4294967295 uid=997 gid=996 euid=997 suid=997
>> fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295
>> comm=chronyd exe=/usr/sbin/chronyd
>> subj=system_u:system_r:chronyd_t:s0 key=(null)
>>
>> Each of the errors is caused by attempts to access the hosts file.
>>
>> Emmett
>>
> "admin_home_t" is the label for files/dirs in the /root directory. It means
> the /etc/hosts is moved from this directory. Any chance you have a
> script which does it?
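
Added example (not part of the thread and not code from any poster): a small Python parser that joins the two AVC records quoted above on (dev, ino), showing that the httpd record with only name="hosts" and the chronyd record with path="/etc/hosts" refer to the same mislabeled file. The function names and the "*_home_t outside /root or /home" check are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two AVC records from the thread, unwrapped to one line each.
SAMPLE = """\
type=AVC msg=audit(1401200342.155:473): avc: denied { read } for pid=5501 comm="httpd" name="hosts" dev="dm-0" ino=270007 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1401195880.487:401): avc: denied { getattr } for pid=1064 comm="chronyd" path="/etc/hosts" dev="dm-0" ino=270007 scontext=system_u:system_r:chronyd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
"""

PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one AVC denial as a dict, or None for other record types."""
    m = PERMS.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level, so the type is the third field.
    rec["ttype"] = rec["tcontext"].split(":")[2]
    rec["sdomain"] = rec["scontext"].split(":")[2]
    return rec

def group_by_object(text):
    """Join denials on (dev, ino) so name= and path= records for one file merge."""
    objs = defaultdict(lambda: {"path": None, "ttypes": set(),
                                "domains": set(), "perms": set()})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        o = objs[(rec["dev"], rec["ino"])]
        o["path"] = rec.get("path") or o["path"]
        o["ttypes"].add(rec["ttype"])
        o["domains"].add(rec["sdomain"])
        o["perms"].update(rec["perms"])
    return dict(objs)

def home_label_outside_home(objs):
    """Assumed heuristic: a *_home_t label on a path outside /root and /home."""
    return sorted(o["path"] for o in objs.values()
                  if o["path"] and not o["path"].startswith(("/root/", "/home/"))
                  and any(t.endswith("_home_t") for t in o["ttypes"]))

if __name__ == "__main__":
    objs = group_by_object(SAMPLE)
    for (dev, ino), o in objs.items():
        print(dev, ino, o["path"], sorted(o["domains"]), sorted(o["perms"]), sorted(o["ttypes"]))
    print("relabel candidates:", home_label_outside_home(objs))
```

Each path it reports is a candidate for the restorecon command given at the top of this message.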