Daniel J Walsh wrote:
> On 05/29/2015 09:20 AM, m.roth@xxxxxxxxx wrote:
>>
>> CentOS 7.1. Selinux policy, and targetted, updated two days ago.
>>
>> May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash
>> from execute access on the file /usr/bin/bash.#012#012***** <...>
>> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash
>> from execute access on the file /usr/bin/uname.#012#012***** <...>
>> May 28 17:02:45 <servername> python: SELinux is preventing
>> /usr/bin/uname
>> from execute_no_trans access on the file /usr/bin/uname.#012#012*****
>> <...>
>> May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash
>> from execute access on the file /usr/bin/mailx.#012#012***** <...>
>>
>> I did do an ll =Z /usr/bin, and everything looks correct
>> (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug.
>> No? Yes? File a bug report?
> What is the avc that you are seeing?
>
> ausearch -m avc -ts recent
Hmmm, that ausearch gives no matches. However, in /var/log/audit/audit.log
type=AVC msg=audit(1432846954.621:112734): avc: denied { execute } for
pid=1984 comm="rsync" name="bash" dev="sda3" ino=23075548
scontext=system_u:system_r:rsync_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=AVC msg=audit(1432846954.628:112735): avc: denied { execute } for
pid=1987 comm="sh" name="uname" dev="sda3" ino=23071676
scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:bin_t:s0
tclass=file
type=AVC msg=audit(1432846954.629:112737): avc: denied { execute } for
pid=1986 comm="sh" name="mailx" dev="sda3" ino=23072424
scontext=system_u:system_r:rsync_t:s0
tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file
Now, my manager thinks that it's complaining that it's complaining because
we have an rsync daemon running, and every time there's an upload, the
daemon sends an email to a user.
mark
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
