On Wed, 2022-03-16 at 14:47 +0100, Lukas Slebodnik wrote:
Could you share ful reposort fom audit ?
e.g. ausearch -m AVC
There are lots. One such example, and the first one of a series:
type=PROCTITLE msg=audit(1647710324.067:172072):
proctitle=7368002D63002F686F6D652F6D6F74696F6E2F6D6F7669655F656E642032002026
type=SYSCALL msg=audit(1647710324.067:172072): arch=c000003e syscall=257 success=no
exit=-13 a0=ffffff9c a1=5573bf195680 a2=80000 a3=0 items=0 ppid=967054 pid=3299344
auid=4294967295 uid=982 gid=39 euid=982 suid=982 fsuid=982 egid=39 sgid=39 fsgid=39
tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash"
subj=system_u:system_r:motion_t:s0 key=(null)
type=AVC msg=audit(1647710324.067:172072): avc: denied { search } for pid=3299344
comm="sh" name="sss" dev="dm-8" ino=210
scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0
tclass=dir permissive=0
Could you share SELinux context of affected files and directories?
e.g.
ls -lZ /var/lib/sss/ /var/lib/sss/*/
That's a lot of files, particularly in /var/lib/sss/db/. The relevant
files I think are:
drwxr-xr-x. 10 root root system_u:object_r:sssd_var_lib_t:s0 4096 Feb 2 05:24
/var/lib/sss/
drwx------. 2 sssd sssd system_u:object_r:sssd_var_lib_t:s0 36864 Mar 19 13:17
/var/lib/sss/db
dm-8 inode 210:
# ls -lid /var/lib/sss
210 drwxr-xr-x. 10 root root 4096 Feb 2 05:24 /var/lib/sss
Cheers,
b.