On Sat, 4 Jan 2020 09:51:56 +0100
Lukas Vrabec <lvrabec@xxxxxxxxxx> wrote:
> On 12/22/19 10:15 AM, Manfred Lotz wrote:
> > Hi there,
> > Running Fedora 31 and SELinux still in permissive mode I got
> >
>
> Hi,
>
> What is the version of selinux-policy package installed on your
> system?
>
> # rpm -q selinux-policy
>
selinux-policy-3.14.4-43.fc31 installed on December 13.
> You can also update selinux-policy package:
>
> # dnf update selinux-policy
>
> "setrlimit" permission should be already allowed in F31 selinux-policy
> package. (selinux-policy-3.14.4-37.fc31.noarch +)
>
> Could you please update the package and try to reproduce your issue
> again?
>
Funny is that directly after the last reboot
SELinux is preventing systemctl from using the sys_resource
capability.
showed up again.
sealeart shows:
type=AVC msg=audit(1577999374.574:304): avc: denied { sys_resource } for pid=1930 comm="systemctl" capability=24
scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:system_r:cockpit_ws_t:s0 tclass=capability permissive=1
After that it didn't show again.
--
Manfred
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
