From: Miroslav Grepl <mgrepl(a)redhat.com>
On 04/23/2013 04:37 PM, m.roth(a)5-cent.us wrote:
m.roth(a)5-cent.us wrote:
>
This is very frustrating. My manager rebooted this morning, so now I'm not
sure about which avc I wrote about yesterday. However, I see various
things:
<snip>
3. This one makes *zero* sense to me: SELinux is preventing
/lib64/security/pam_krb5/pam_krb5_storetmp from execute access on the
file /lib64/security/pam_krb5/pam_krb5_storetmp. ll -Z
-rwxr-xr-x. root root system_u:object_r:bin_t:s0
/lib64/security/pam_krb5/pam_krb5_storetmp*
<snip>
And last one would need
corecmd_exec_bin() for a source type from AVC msg which we don't
have.
Not sure how to use that, but I'm at work for a few more minutes, and it's
telling me, from sealert,
SELinux is preventing /lib64/security/pam_krb5/pam_krb5_storetmp from
execute access on the file /lib64/security/pam_krb5/pam_krb5_storetmp.
And one of the raw avcs is:
type=AVC msg=audit(1367010914.610:143690): avc: denied {
execute_no_trans } for pid=1310 comm="auth"
path="/lib64/security/pam_krb5/pam_krb5_storetmp" dev=sda3 ino=15343658
scontext=system_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file
Thanks.
mark