[root@desk mythcat]# ausearch -c 'restorecon' --raw | audit2allow
#============= staff_t ==============
allow staff_t admin_home_t:dir { relabelfrom relabelto };
allow staff_t admin_home_t:file { relabelfrom relabelto };
#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.
#Constraint rule:
# mlsconstrain dir { search } ((l1 dom l2 -Fail-) or (t1 == mlsfilereadtoclr -Fail-) and (h1 dom l2) or (t1 == mlsfileread -Fail-) or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
# Possible cause is the source user (staff_u) and target user (system_u) are different.
# Possible cause is the source level (s0-s15:c0.c1023) and target level (s15:c0.c1023) are different.
allow staff_t auditd_etc_t:dir search;
allow staff_t auditd_etc_t:dir { open read };
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
