Re: SELinux is preventing systemd-tmpfile from using the sys_resource capability.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 4 Jan 2020 09:51:56 +0100
Lukas Vrabec <lvrabec@xxxxxxxxxx> wrote:

> On 12/22/19 10:15 AM, Manfred Lotz wrote:
> > Hi there,
> > Running Fedora 31 and SELinux still in permissive mode I got
> >   
> 
> Hi,
> 
> What is the version of selinux-policy package installed on your
> system?
> 
> # rpm -q selinux-policy
> 

selinux-policy-3.14.4-43.fc31 installed on December 13.


> You can also update selinux-policy package:
> 
> # dnf update selinux-policy
> 
> "setrlimit" permission should be already allowed in F31 selinux-policy
> package. (selinux-policy-3.14.4-37.fc31.noarch +)
> 
> Could you please update the package and try to reproduce your issue
> again?
> 

Funny is that directly after the last reboot 
  SELinux is preventing systemctl from using the sys_resource
  capability.

showed up again. 

sealeart shows:

type=AVC msg=audit(1577999374.574:304): avc:  denied  { sys_resource } for  pid=1930 comm="systemctl" capability=24  
         scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:system_r:cockpit_ws_t:s0 tclass=capability permissive=1


After that it didn't show again.


-- 
Manfred
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux