Hosts file access

Miroslav Grepl mgrepl at redhat.com
Thu May 29 08:20:11 UTC 2014


On 05/28/2014 05:13 PM, Daniel J Walsh wrote:
> restorecon -R -v /etc/hosts
>
> Would fix this issue.
Yes, but he needs to repeat it.
>
> On 05/28/2014 06:36 AM, Miroslav Grepl wrote:
>> On 05/28/2014 12:24 AM, Emmett Culley wrote:
>>> On 05/22/2014 10:31 PM, Miroslav Grepl wrote:
>>>> On 05/22/2014 06:35 PM, Emmett Culley wrote:
>>>>> I am continually getting getattr and read AVC errors.  From my
>>>>> research, I believe it is because my hosts file gets modified each
>>>>> time I VPN into my work network.
>>>>>
>>>>> I cause the host names and IP addresses that are part of the
>>>>> internal work network to be appended to the hosts file upon the VPN
>>>>> connection and then restore the original hosts file upon
>>>>> disconnection.
>>>>>
>>>>> I have tried restorecon /etc/hosts, but I still get the warnings.
>>>>> I have also done the mypol fixes suggested in the troubleshooting
>>>>> dialog's details page.  Nothing I do resolves this issue.
>>>>>
>>>>> How can I prevent these AVC errors?  Or at least properly modify my
>>>>> hosts file (and possibly others) the SELinux way?
>>>>>
>>>>> Emmett
>>>>> -- 
>>>>> selinux mailing list
>>>>> selinux at lists.fedoraproject.org
>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>> What AVC message are you getting?
>>>>
>>>> What OS?
>>>>
>>>> Regards,
>>>> Miroslav
>>>>
>>> Linux (Fedora 20)
>>>
>>> type=AVC msg=audit(1401200342.155:473): avc:  denied  { read } for
>>> pid=5501 comm="httpd" name="hosts" dev="dm-0" ino=270007
>>> scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023
>>> tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
>>>
>>> AND
>>>
>>> type=AVC msg=audit(1401195880.487:401): avc:  denied  { getattr }
>>> for  pid=1064 comm="chronyd" path="/etc/hosts" dev="dm-0" ino=270007
>>> scontext=system_u:system_r:chronyd_t:s0
>>> tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
>>>
>>>
>>> type=SYSCALL msg=audit(1401195880.487:401): arch=x86_64 syscall=fstat
>>> success=yes exit=0 a0=4 a1=7fff126bb590 a2=7fff126bb590 a3=0 items=0
>>> ppid=1 pid=1064 auid=4294967295 uid=997 gid=996 euid=997 suid=997
>>> fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295
>>> comm=chronyd exe=/usr/sbin/chronyd
>>> subj=system_u:system_r:chronyd_t:s0 key=(null)
>>>
>>> Each of the errors is caused by attempts to access the hosts file.
>>>
>>> Emmett
>>>
>> "admin_home_t" is the label for files/dirs in the /root directory. It
>> means the /etc/hosts is moved from this directory. Any chance you have
>> a script which does it?
>>
>>

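Added example, not part of the original thread: a small Python triage script that groups AVC denials by target inode, so that a single file denied to several unrelated domains (here httpd_t and chronyd_t, both hitting a target labeled admin_home_t) stands out as a labeling problem rather than a missing policy rule. The function names parse_avc and suspect_labels are hypothetical; the sample input is the two AVC records quoted above, rejoined onto single lines.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the thread, rejoined onto single lines.
SAMPLE = """\
type=AVC msg=audit(1401200342.155:473): avc:  denied  { read } for pid=5501 comm="httpd" name="hosts" dev="dm-0" ino=270007 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1401195880.487:401): avc:  denied  { getattr } for  pid=1064 comm="chronyd" path="/etc/hosts" dev="dm-0" ino=270007 scontext=system_u:system_r:chronyd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
"""

PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for anything else."""
    m = PERMS.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    rec["perms"] = m.group(1).split()
    # An SELinux context is user:role:type:level; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def suspect_labels(text, min_domains=2):
    """Group denials by (dev, ino) and report objects that several unrelated
    domains were denied on: a hint that the file's label is wrong, not policy."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and "ino" in rec:
            groups[(rec["dev"], rec["ino"])].append(rec)
    report = []
    for (dev, ino), recs in sorted(groups.items()):
        domains = sorted({r["stype"] for r in recs})
        if len(domains) >= min_domains:
            report.append({
                "dev": dev, "ino": ino, "domains": domains,
                "ttypes": sorted({r["ttype"] for r in recs}),
                "paths": sorted({r.get("path") or r.get("name") for r in recs}),
                "perms": sorted({p for r in recs for p in r["perms"]}),
            })
    return report

if __name__ == "__main__":
    for item in suspect_labels(SAMPLE):
        print(item)
```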

