Hello,
I do not how to deal wit this issue: in fc34 and fc36.
SELinux security alert recommend the following:
You need to change the label on /var/usermin/miniserv.pid # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t, etc... a long list of FILE_TYPE
Which one should I choose?
Thank
=========================================================================== Patrick DUPRÉ | | email: pdupre@gmx.com Laboratoire interdisciplinaire Carnot de Bourgogne 9 Avenue Alain Savary, BP 47870, 21078 DIJON Cedex FRANCE Tel: +33 (0)380395988 | | Room# D114A ===========================================================================
On 2022-07-12 01:02, Patrick Dupre wrote:
I do not how to deal wit this issue: in fc34 and fc36.
SELinux security alert recommend the following:
You need to change the label on /var/usermin/miniserv.pid # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t, etc... a long list of FILE_TYPE
Which one should I choose?
That doesn't appear to be an application that comes from a Fedora package. Where did you get it from? You should probably ask them about it.
Also, what is the full message you received? You don't need to include the entire FILE_TYPE list.
On 2022-07-12 01:02, Patrick Dupre wrote:
I do not how to deal wit this issue: in fc34 and fc36.
SELinux security alert recommend the following:
You need to change the label on /var/usermin/miniserv.pid # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t, etc... a long list of FILE_TYPE
Which one should I choose?
That doesn't appear to be an application that comes from a Fedora package. Where did you get it from? You should probably ask them about it.
You are right, it come from usermin
Also, what is the full message you received? You don't need to include the entire FILE_TYPE list.
You need to change the label on /var/usermin/miniserv.pid # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t, ...... zoneminder_var_run_t, zos_remote_exec_t. Then execute: restorecon -v '/var/usermin/miniserv.pid'
The other recommendation is
SELinux is preventing systemd from read access on the file /var/usermin/miniserv.pid.
Plugin: catchall SELinux denied access requested by systemd. It is not expected that this access is required by systemd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
If you believe that systemd should be allowed read access on the miniserv.pid file by default. You should report this as a bug. You can generate a local policy module to allow this access. Allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp
But running ausearch -c 'systemd' --raw | audit2allow -M my-systemd and semodule -X 300 -i my-systemd.pp
does not help.
-
Patrick Dupre -
Samuel Sieb