Hi, Lukas, Lukas Vrabec wrote: > > I believe you'll find answer here: > > https://danwalsh.livejournal.com/47118.html But we don't *want* to disable IPv6. We rolled it out several years ago. mark > > Thanks, > Lukas. > > > On 11/21/18 7:18 PM, mark wrote: > >> Hi, Lukas, >> >> >> Lukas Vrabec wrote: >> >>> >>> Could you reproduce your issue and then attach output of: >>> >>> >>> # ausearch -m AVC -m USER_AVC -ts today >>> >>> >> Here's an abbreviated o/p, as in this happened at 11:08 today: >> time->Wed Nov 21 11:08:55 2018 type=PROCTITLE >> msg=audit(1542816535.125:26908): >> proctitle=2F7573722F7362696E2F73656E646D61696C002D4643726F6E4461656D6F6E >> 002D69002D6F6469002D6F656D002D6F69002D74002D6600726F6F74 >> type=SYSCALL msg=audit(1542816535.125:26908): arch=c000003e syscall=2 >> success=yes exit=3 a0=7f52d568d0b8 a1=80000 a2=1b6 a3=24 items=0 >> ppid=54786 pid=55276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 >> sgid=51 fsgid=51 tty=(none) ses=935 comm="sendmail" >> exe="/usr/sbin/sendmail.sendmail" >> subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null) >> type=AVC msg=audit(1542816535.125:26908): avc: denied { open } for >> pid=55276 comm="sendmail" >> path="/proc/sys/net/ipv6/conf/all/disable_ipv6" dev="proc" ino=25607 >> scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 >> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file >> type=AVC msg=audit(1542816535.125:26908): avc: denied { read } for >> pid=55276 comm="sendmail" name="disable_ipv6" dev="proc" ino=25607 >> scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 >> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file >> ---- >> time->Wed Nov 21 11:08:55 2018 type=PROCTITLE >> msg=audit(1542816535.125:26909): >> proctitle=2F7573722F7362696E2F73656E646D61696C002D4643726F6E4461656D6F6E >> 002D69002D6F6469002D6F656D002D6F69002D74002D6600726F6F74 >> type=SYSCALL msg=audit(1542816535.125:26909): arch=c000003e syscall=5 >> success=yes exit=0 a0=3 a1=7fff06a576c0 a2=7fff06a576c0 a3=0 items=0 >> ppid=54786 pid=55276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 >> sgid=51 fsgid=51 tty=(none) ses=935 comm="sendmail" >> exe="/usr/sbin/sendmail.sendmail" >> subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null) >> type=AVC msg=audit(1542816535.125:26909): avc: denied { getattr } for >> pid=55276 comm="sendmail" >> path="/proc/sys/net/ipv6/conf/all/disable_ipv6" dev="proc" ino=25607 >> scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 >> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file >> >> >> mark >> > > > -- > Lukas Vrabec > Software Engineer, Security Technologies > Red Hat, Inc. > > > _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
