Re: Hosts file access

[Miroslav Grepl <mgrepl@xxxxxxxxxx>]

On 05/28/2014 05:13 PM, Daniel J Walsh wrote:
> restorecon -R -v /etc/hosts
>
> Would fix this issue.
Yes, but he needs to repeat it.
> On 05/28/2014 06:36 AM, Miroslav Grepl wrote:
> > On 05/28/2014 12:24 AM, Emmett Culley wrote:
> > > On 05/22/2014 10:31 PM, Miroslav Grepl wrote:
> > > > On 05/22/2014 06:35 PM, Emmett Culley wrote:
> > > > > I am continually getting getattr and read AVC errors.  From my
> > > > > research, I believe it is because my hosts file gets modified each
> > > > > time I VPN into my work network.
> > > > >
> > > > > I cause the host names and IP addresses that are part of the
> > > > > internal work network to be appended to the hosts file upon the VPN
> > > > > connection and then restore the original hosts file upon
> > > > > disconnection.
> > > > >
> > > > > I have tried restorecon /etc/hosts, but I  still get the warnings.
> > > > > I have also done the mypol fixes suggested in the troubleshooting
> > > > > dialog's details page.  Nothing I do resolves this issue.
> > > > >
> > > > > How can I prevent these AVC errors?  Or at least properly modify my
> > > > > hosts file (and possibly others) the SELinux way?
> > > > >
> > > > > Emmett
> > > > > --
> > > > > selinux mailing list
> > > > > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > > > > https://admin.fedoraproject.org/mailman/listinfo/selinux
> > > > What AVC message are you getting?
> > > >
> > > > What OS?
> > > >
> > > > Regards,
> > > > Miroslav
> > > Linux (Fedora 20)
> > >
> > > type=AVC msg=audit(1401200342.155:473): avc:  denied  { read } for
> > > pid=5501 comm="httpd" name="hosts" dev="dm-0" ino=270007
> > > scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023
> > > tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
> > >
> > > AND
> > >
> > > type=AVC msg=audit(1401195880.487:401): avc:  denied  { getattr }
> > > for  pid=1064 comm="chronyd" path="/etc/hosts" dev="dm-0" ino=270007
> > > scontext=system_u:system_r:chronyd_t:s0
> > > tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
> > >
> > >
> > > type=SYSCALL msg=audit(1401195880.487:401): arch=x86_64 syscall=fstat
> > > success=yes exit=0 a0=4 a1=7fff126bb590 a2=7fff126bb590 a3=0 items=0
> > > ppid=1 pid=1064 auid=4294967295 uid=997 gid=996 euid=997 suid=997
> > > fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295
> > > comm=chronyd exe=/usr/sbin/chronyd
> > > subj=system_u:system_r:chronyd_t:s0 key=(null)
> > >
> > > Each of the errors are caused by attempts to access the hosts file.
> > >
> > > Emmett
> > >
> > > --
> > > selinux mailing list
> > > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > > https://admin.fedoraproject.org/mailman/listinfo/selinux
> > "admin_home_t" is label for files/dirs in /root directory. It means
> > the /etc/hosts is moved from this directory. Any chance you have a
> > script which does it?
> >
> >
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux