fail2ban to rpm??
by lejeczek
hi everybody
on my one system I see something weir...
setroubleshoot[58420]: SELinux is preventing
/usr/bin/python2.7 from getattr access on the file
/usr/bin/rpm. For complete SELinux messages. run sealert -l
892542a6-b3ea-48eb-b76f-cadffdbdbb84
Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
python[58420]: SELinux is preventing /usr/bin/python2.7 from
getattr access on the file /usr/bin/rpm.
Source Context   system_u:system_r:fail2ban_client_t:s0
Target Context   system_u:object_r:rpm_exec_t:s0
Target Objects   /usr/bin/rpm [ file ]
Source           fail2ban-client
Source Path      /usr/bin/python2.7
fail2ban wants to run rpm???
Unless I have some binaries mislabelled, this would be
suspicious, no?? What do you think?
THXALOT
L.
7 years, 5 months
AVC on systemd mounting drive
by Bill shirley
I'm getting an AVC in the boot process when systemd tries to mount a drive. It's too early in the boot process
for it to be in /var/log/audit/audit.log. I don't speak AVC well enough to generate a rule without the log entry:
Nov 03 10:31:05 c3po.example.com audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="lan" dev="dm-0"
ino=100732081 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=dir permissive=0
[0:root@c3po shorewall 2]$ ls -ldZ /lan
drwxr-xr-x. 4 root root system_u:object_r:samba_share_t:s0 37 Jan 15 2011 /lan
/etc/fstab:
# /dev/sdf1 - lvm - storage-LAN
UUID=3817923e-98d6-4876-bffc-5aef71a2b9a2 /lan xfs defaults,nofail 0 2
Can anyone help me create a module from the AVC similar to the one I have for shorewall?:
module my_shorewall 1.0;
require {
    type var_lock_t;
    type shorewall_t;
    class file { create getattr relabelfrom relabelto setattr unlink write };
}
#============= shorewall_t ==============
#!!!! WARNING: 'var_lock_t' is a base type.
#!!!! The file '/run/lock/subsys/shorewall' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /run/lock/subsys/shorewall
allow shorewall_t var_lock_t:file { create getattr relabelfrom relabelto setattr unlink write };
Thanks,
Bill
7 years, 5 months
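
Added example (not part of either post, and not code from the SELinux project): a small Python parser that turns AVC denial lines, such as the one quoted from the journal above, into a type-enforcement module laid out like the my_shorewall module. The module name my_systemd_lan is hypothetical, and the sample line is the post's AVC record joined onto one line.

```python
import re

# Constructed sample: the AVC line quoted in the post above, joined onto one line.
SAMPLE = ('Nov 03 10:31:05 c3po.example.com audit[1]: AVC avc: denied { read } '
          'for pid=1 comm="systemd" name="lan" dev="dm-0" ino=100732081 '
          'scontext=system_u:system_r:init_t:s0 '
          'tcontext=system_u:object_r:samba_share_t:s0 tclass=dir permissive=0')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')))
    try:
        # A context is user:role:type:level; the type is the third field.
        stype = fields['scontext'].split(':')[2]
        ttype = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return None
    return stype, ttype, tclass, frozenset(m.group('perms').split())

def build_module(name, lines, version='1.0'):
    """Merge denials into one allow rule per (source, target, class)."""
    rules = {}
    for line in lines:
        parsed = parse_avc(line)
        if parsed:
            stype, ttype, tclass, perms = parsed
            rules.setdefault((stype, ttype, tclass), set()).update(perms)
    if not rules:
        raise ValueError('no AVC denials found')
    types = sorted({t for s, tt, _ in rules for t in (s, tt)})
    classes = {}
    for (_, _, tclass), perms in rules.items():
        classes.setdefault(tclass, set()).update(perms)
    out = ['module %s %s;' % (name, version), '', 'require {']
    out += ['\ttype %s;' % t for t in types]
    out += ['\tclass %s { %s };' % (c, ' '.join(sorted(p))) for c, p in sorted(classes.items())]
    out += ['}', '']
    for (stype, ttype, tclass), perms in sorted(rules.items()):
        out.append('allow %s %s:%s { %s };' % (stype, ttype, tclass, ' '.join(sorted(perms))))
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    print(build_module('my_systemd_lan', [SAMPLE]))  # module name is hypothetical
```

The generated allow rule is a candidate to review before loading, since a denial can also point at a label that should be changed instead, as the WARNING comments in the my_shorewall module show.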