Rawhide SELinux issues

[Miroslav Grepl]

On 07/03/2012 05:27 PM, Paul Howarth wrote:
> I have a Rawhide VM on which I'm seeing some strange issues.
>
> Firstly, I'm getting some AVCs that I don't understand and can't get 
> rid of using audit2allow:
>
> type=AVC msg=audit(1341327661.200:69): avc:  denied  { 0x10 } for 
> pid=537 comm="sssd_nss" capability=36 
> scontext=system_u:system_r:sssd_t:s0 
> tcontext=system_u:system_r:sssd_t:s0 tclass=capability2
>
> (audit2allow doesn't output anything for this)
>
> Secondly, I'm seeing denials for kernel_dgram_send for a wide variety 
> of domains:
>
> kernel_dgram_send(NetworkManager_t)
> kernel_dgram_send(audisp_t)
> kernel_dgram_send(auditd_t)
> kernel_dgram_send(avahi_t)
> kernel_dgram_send(chronyd_t)
> kernel_dgram_send(dhcpc_t)
> kernel_dgram_send(dnsmasq_t)
> kernel_dgram_send(ftpd_t)
> kernel_dgram_send(modemmanager_t)
> kernel_dgram_send(nfsd_t)
> kernel_dgram_send(rpcd_t)
> kernel_dgram_send(sendmail_t)
> kernel_dgram_send(setroubleshootd_t)
> kernel_dgram_send(smf_spf_milter_t)
> kernel_dgram_send(sshd_t)
> kernel_dgram_send(sssd_t)
> kernel_dgram_send(system_dbusd_t)
> kernel_dgram_send(systemd_tmpfiles_t)
>
> Is this something that needs adding to a basic domain template? Or 
> should I not be getting these?
This is a systemd/dracut issue. A bug is opened.
>
> Paul.
> -- 
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux