On 05/22/2014 10:31 PM, Miroslav Grepl wrote:
> On 05/22/2014 06:35 PM, Emmett Culley wrote:
>> I am continually getting getattr and read AVC errors. From my research, I
>> believe it is because my hosts file gets modified each time I VPN into my work network.
>>
>> I cause the host names and IP addresses that are part of the internal work
>> network to be appended to the hosts file upon the VPN connection and then restore the
>> original hosts file upon disconnection.
>>
>> I have tried restorecon /etc/hosts, but I still get the warnings. I have also
>> done the mypol fixes suggested in the troubleshooting dialog's details page. Nothing
>> I do resolves this issue.
>>
>> How can I prevent these AVC errors? Or at least properly modify my hosts file
>> (and possibly others) the SELinux way?
>>
>> Emmett
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> What AVC message are you getting?
>
> What OS?
>
> Regards,
> Miroslav
>
Linux (Fedora 20)

type=AVC msg=audit(1401200342.155:473): avc: denied { read } for pid=5501 comm="httpd" name="hosts" dev="dm-0" ino=270007 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

AND

type=AVC msg=audit(1401195880.487:401): avc: denied { getattr } for pid=1064 comm="chronyd" path="/etc/hosts" dev="dm-0" ino=270007 scontext=system_u:system_r:chronyd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1401195880.487:401): arch=x86_64 syscall=fstat success=yes exit=0 a0=4 a1=7fff126bb590 a2=7fff126bb590 a3=0 items=0 ppid=1 pid=1064 auid=4294967295 uid=997 gid=996 euid=997 suid=997 fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm=chronyd exe=/usr/sbin/chronyd subj=system_u:system_r:chronyd_t:s0 key=(null)

Each of the errors is caused by attempts to access the hosts file.
Emmett

"admin_home_t" is the label for files/dirs in the /root directory. It means the
/etc/hosts is moved from this directory. Any chance you have a script
which does it?
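
An added example, not part of the original thread and not code from any poster: one way a VPN up/down hook could add and remove its entries by rewriting /etc/hosts in place, so the file keeps its inode and with it its SELinux label, instead of moving a copy in from another directory. The function names, marker comments and file arguments are assumptions.

```sh
#!/bin/sh
# Added example: function names and marker strings are hypothetical.
BEGIN_MARK="# BEGIN vpn-hosts"
END_MARK="# END vpn-hosts"

# Remove a previously added VPN block from the hosts file given as $1.
vpn_hosts_remove() {
    vh_tmp=$(mktemp) || return 1
    # Keep every line that is outside the marker pair.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$1" > "$vh_tmp" || { rm -f "$vh_tmp"; return 1; }
    # Write the content back into the existing file: same inode, same label.
    # mv "$vh_tmp" "$1" would replace the file and bring the temp file's
    # label with it, which is how a hosts file ends up labelled admin_home_t.
    cat "$vh_tmp" > "$1"
    vh_rc=$?
    rm -f "$vh_tmp"
    return $vh_rc
}

# Append the entries in file $2 to hosts file $1, between the markers.
# Any earlier block is removed first, so repeated calls do not duplicate.
vpn_hosts_add() {
    vpn_hosts_remove "$1" || return 1
    { echo "$BEGIN_MARK"; cat "$2"; echo "$END_MARK"; } >> "$1"
}
```

A connect hook would call vpn_hosts_add /etc/hosts with the file of work entries, and the disconnect hook vpn_hosts_remove /etc/hosts; ls -Z /etc/hosts before and after shows whether the label changed.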