selinux denials when starting docker in F23
Bruno Wolff III
bruno at wolff.to
Fri Oct 9 17:07:27 UTC 2015
On Fri, Oct 09, 2015 at 12:43:52 -0400,
Dusty Mabe <dusty at dustymabe.com> wrote:
>
>
>On 10/08/2015 03:06 PM, Dusty Mabe wrote:
>>and this is in the journal:
>>
>>```
>>Oct 08 19:04:31 cloudhost.localdomain audit[1]: USER_AVC pid=1 uid=0
>>auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
>>msg='Unknown permission stop for class system
>>exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
>>Oct 08 19:04:31 cloudhost.localdomain audit[1]: USER_AVC pid=1 uid=0
>>auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
>>msg='Unknown permission stop for class system
>>exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
>>```
>
>Any comments on the USER_AVC statements? Even if I have docker.pp I
>still see these.
I got something similar running getmail from cron. I asked about it on the
selinux list but didn't get any suggestions on how to make a rule to allow this
(audit2allow doesn't seem to handle this avc.)