On (15/03/22 18:45), Brian J. Murrell wrote:
I am getting some SELinux AVC alerts for a given process in a given domain that seems to want to be able to read files in /var/lib/sss/.
strace(1)ing the (unprivileged) process it seem to want to do the following:
4024612 openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
Could you share ful reposort fom audit ? e.g. ausearch -m AVC
Could you share SELinux context of affected files and directories?
e.g. ls -lZ /var/lib/sss/ /var/lib/sss/*/
LS