I have an odd problem. Users running as staff_u are unable to run ls in
/var on one system only (though I haven't tested all of them).
It is definitely an SELinux thing: setenforce 0, problem goes away;
setenforce 1, problem returns. ausearch -m avc -ts now shows nothing.
restorecon on /var yields nothing and the labels are the same from one
system to the next.
id -Z
staff_u:staff_r:staff_t:s0-s0:c0.c1023
Same on both systems (this is set via IPA and SSSD).
So I can't really figure out where the problem lies:
ls -lZd /var
drwxr-xr-x. root root system_u:object_r:var_t:s0 /var
Any ideas?
-Erinn