Re: How to whitelist a user avc?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/28/2015 10:34 PM, Bruno Wolff III wrote:
> I have a problem in F23 (that wasn't in F22), where getmail (or its feed
> into qmail) doesn't work in enforcing mode. I first tried using
> audit2allow to whitelist all of the avcs.

Could you attach them?

There could be also a selinux_err message in audit.log.

 That didn't work. Then I used
> semodule -DB in case there was a don't audit rule and then used
> audit2allow again to get the data for a local semodule and it still
> didn't work. I am seeing a user avc in the logs, that I suspect isn't
> getting handled by audit2allow, but I am not sure how to say its OK or
> change things so I don't hit it:
> type=USER_AVC msg=audit(1443471901.485:584): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission
> stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=?
> addr=? terminal=?'
> 
> I tried searching for some of the text, but I didn't find any relevant
> references.
> -- 
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux