Re: Unexpected behavior in permissive mode

On 04/04/2015 03:05 AM, Joseph L. Casale wrote:
> With the policy updates that came with centos 7.1 update, I am trying to
> update a few local policies we have but with `setenforce 0` I do not get
> an avc at all when running my app, however enabling it and rerunning it
> generates one, but without seeing them all that approach would be like
> whack-a-mole.
> 
> The avc I am getting after setenforce 1 is run is:
> 
> type=AVC msg=audit(1428109185.330:570): avc:  denied  { execute_no_trans } for  pid=3953 comm="su" path="/usr/sbin/unix_chkpwd" dev="dm-0" ino=25468477 scontext=system_u:system_r:bacula_t:s0 tcontext=sytype=SYSCAL
> 
> Why does this not trigger a denial in permissive mode?
> 
> Thanks,
> jlc
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

What happens if you switch the SELinux mode (which resets the AVC cache)

# setenforce 1; setenforce 0

and then re-test it?

Could you also post full raw AVC?

-- 
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.