Whats this sys_admin capability
Tony Molloy
tony.molloy at ul.ie
Mon Mar 11 18:42:10 UTC 2013
Hi,
I'm seeing messages similar to the following for a number of services
on a recently updated Centos 6.4 system.
I can generate local policies for each service but is there some
boolean which can affecdt this sys_admin capability.
Mar 9 12:45:10 youngmunster setroubleshoot: SELinux is preventing
/usr/sbin/nmbd from using the sys_admin capability. For complete
SELinux messages. run sealert -l 5a37dd50-b60c-4a1c-b97d-6d62baeee33a
[root at youngmunster ~]# sealert -l 5a37dd50-b60c-4a1c-b97d-6d62baeee33a
SELinux is preventing /usr/sbin/nmbd from using the sys_admin
capability.
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that nmbd should have the sys_admin capability by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep nmbd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Thanks,
Tony
More information about the selinux
mailing list