Henry Zhang wrote:
> Casper:
> For example, I have a denied message in audit.log:
> type=AVC msg=audit(1676313787.584:376): avc: denied { read write } for pid=17799 comm="run_at_daemon" path="socket:[54386]" dev="sockfs" ino=54386 scontext=system_u:system_r:run_at_csq_daemon_t:s0 tcontext=system_u:system_r:rssi_daemon_t:s0 tclass=tcp_socket permissive=0
>
> how to apply restorecon?

Well, this is a TCP socket... not a Unix file.

For a TCP socket, opened at boot or later, the label is always good, because a TCP socket is not persistent.

If you think the "label" ("SELinux context" in this case) of the TCP socket is not good, you can customize the policy of contexts applied on opened ports with the semanage command. For example, I allow port 18000 to have the http_port_t context on my machine:

  semanage port -a -t http_port_t -p tcp 18000

More info: man semanage

In your message, your TCP socket got the run_at_csq_daemon_t context, but the rssi_daemon_t context is not allowed to access it, so SELinux is blocking access (read write).

-- 
GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org
CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der
Jabber/XMPP Messaging: casper@xxxxxxxxxxxxxxxxxx
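Added example, not part of the original message or of any SELinux tool: a small triage script that splits the AVC record quoted above into its fields and reports whether the target class is a filesystem object, which is the case restorecon handles. The function names and the FILE_CLASSES subset are this example's own assumptions.

```python
import re

# AVC record quoted in the message above (copied from the page).
AVC = ('type=AVC msg=audit(1676313787.584:376): avc: denied { read write } '
       'for pid=17799 comm="run_at_daemon" path="socket:[54386]" dev="sockfs" '
       'ino=54386 scontext=system_u:system_r:run_at_csq_daemon_t:s0 '
       'tcontext=system_u:system_r:rssi_daemon_t:s0 tclass=tcp_socket permissive=0')

# Object classes whose label lives on a filesystem object and can be reset by path.
# Assumption: a subset of the file classes, enough for this illustration.
FILE_CLASSES = {"file", "dir", "lnk_file", "chr_file", "blk_file",
                "sock_file", "fifo_file"}

def parse_avc(line):
    """Split one AVC record into result, permissions and key=value fields."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    return fields

def context_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def triage(line):
    """Summarise who was denied what, and whether relabeling by path applies."""
    rec = parse_avc(line)
    return {
        "comm": rec["comm"],
        "source_type": context_type(rec["scontext"]),  # context of the process in comm=
        "target_type": context_type(rec["tcontext"]),  # context of the object accessed
        "tclass": rec["tclass"],
        "perms": rec["perms"],
        "enforced": rec.get("permissive") == "0",      # permissive=0: access was blocked
        # restorecon resets labels of filesystem objects by path;
        # a tcp_socket on sockfs is not one of them.
        "restorecon_applicable": rec["tclass"] in FILE_CLASSES,
    }

if __name__ == "__main__":
    for key, value in triage(AVC).items():
        print(f"{key}: {value}")
```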