[SSSD-users] Re: AVC alerts for process working in /var/lib/sss

On Wed, 2022-03-16 at 14:47 +0100, Lukas Slebodnik wrote: There are lots. One such example, and the first one of a series: type=PROCTITLE msg=audit(1647710324.067:172072): proctitle=7368002D63002F686F6D652F6D6F74696F6E2F6D6F7669655F656E642032002026 type=SYSCALL msg=audit(1647710324.067:172072): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5573bf195680 a2=80000 a3=0 items=0 ppid=967054 pid=3299344 auid=4294967295 uid=982 gid=39 euid=982 suid=982 fsuid=982 egid=39 sgid=39 fsgid=39 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:motion_t:s0 key=(null) type=AVC msg=audit(1647710324.067:172072): avc: denied { search } for pid=3299344 comm="sh" name="sss" dev="dm-8" ino=210 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0 That's a lot of files, particularly in /var/lib/sss/db/. The relevant files I think are: drwxr-xr-x. 10 root root system_u:object_r:sssd_var_lib_t:s0 4096 Feb 2 05:24 /var/lib/sss/ drwx------. 2 sssd sssd system_u:object_r:sssd_var_lib_t:s0 36864 Mar 19 13:17 /var/lib/sss/db dm-8 inode 210: # ls -lid /var/lib/sss 210 drwxr-xr-x. 10 root root 4096 Feb 2 05:24 /var/lib/sss Cheers, b.