Denial showing up even when allow rule applied

Daniel J Walsh dwalsh at redhat.com
Tue May 21 13:07:37 UTC 2013



> 2. The AVC denial is type=AVC msg=audit(1369081665.408:8113): avc:  denied
> { create } for pid=18379 comm="usermod" name="passwd+" 
> scontext=specialuser_u:system_r:pwrecoveryd_t:s0 
> tcontext=system_u:object_r:etc_t:s0 tclass=file

The avc shows a process running as SELinux user is attempting to create a file
labeled system_u:object_r:etc_t:s0.  Since you are changing the SELinux user
component you get an AVC.  Does your app do a setfscreatecon() call?

domain_obj_id_change_exemption(pwrecoveryd_t)  is probably what you need.
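
An added example, not part of the original message: a Python parser that splits the scontext and tcontext of an AVC record and flags denials where the SELinux user component of the source and target differ, which is the situation the reply describes. The function names and the set of permissions checked are assumptions of this example; the sample record is the quoted denial joined onto one line.

```python
import re

# Constructed sample: the denial quoted in the message, joined onto one line.
SAMPLE = ('type=AVC msg=audit(1369081665.408:8113): avc:  denied  { create } '
          'for pid=18379 comm="usermod" name="passwd+" '
          'scontext=specialuser_u:system_r:pwrecoveryd_t:s0 '
          'tcontext=system_u:object_r:etc_t:s0 tclass=file')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

# Assumption of this example: permissions that set or change an object's label.
IDENTITY_PERMS = {"create", "relabelfrom", "relabelto"}


def parse_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    user, role, type_, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_,
            "level": level[0] if level else None}


def explain_denial(line):
    """Return the parsed fields of an AVC denial, or None if the line is not one.

    user_changed is True when the source and target SELinux users differ and
    the denied permission sets an object label; a type enforcement allow rule
    alone does not change that part of the context.
    """
    m = AVC_RE.search(line)
    if m is None:
        return None
    src, tgt = parse_context(m["scon"]), parse_context(m["tcon"])
    perms = set(m["perms"].split())
    return {
        "perms": sorted(perms),
        "tclass": m["tclass"],
        "source_type": src["type"],
        "source_user": src["user"],
        "target_user": tgt["user"],
        "user_changed": src["user"] != tgt["user"] and bool(perms & IDENTITY_PERMS),
    }


if __name__ == "__main__":
    print(explain_denial(SAMPLE))
```
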

