On 1/30/19 12:59 PM, Ian Pilcher wrote:
This is not strictly an SELinux question, but I figure that someone may
have run across this before and have some idea what's going on.
type=AVC msg=audit(1548870149.222:8945): avc: denied { ioctl } for
pid=20752 comm="bash" path="/etc/pki/radiusd/certmonger-post.sh"
dev="dm-0" ino=8415894 ioctlcmd=5401
scontext=system_u:system_r:certmonger_t:s0
tcontext=unconfined_u:object_r:radiusd_cert_t:s0 tclass=file permissive=0
This occurs when certmonger runs:
'/usr/bin/bash /etc/pki/radiusd/certmonger-post.sh'
Try as a might, I can't think of any reason why bash would be calling
ioctl on a script file, so I'm not sure whether to dontaudit or allow
this (as it seems to be a non-fatal error).
Anyone have any ideas?
(corrected list address to the new list location; please note for future
postings)
ioctlcmd=5401 is TCGETS. This is used by isatty() to probe whether a
descriptor refers to a tty. bash is checking whether the descriptor is
a tty. You can generally dontaudit harmlessly.
