Denial showing up even when allow rule applied

Anamitra Dutta Majumdar (anmajumd) anmajumd at cisco.com
Tue May 21 15:36:56 UTC 2013


Hi Dan,

Thanks for the pointer. Will give this a try.

-Anamitra

On 5/21/13 6:07 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:

>> 2. The AVC denial is type=AVC msg=audit(1369081665.408:8113): avc: denied
>> { create } for pid=18379 comm="usermod" name="passwd+"
>> scontext=specialuser_u:system_r:pwrecoveryd_t:s0
>> tcontext=system_u:object_r:etc_t:s0 tclass=file
>
>The avc shows a process running as SELinux user is attempting to create a file
>labeled system_u:object_r:etc_t:s0.  Since you are changing the SELinux user
>component you get an AVC.  Does your app do a setfscreatecon() call?
>
>domain_obj_id_change_exemption(pwrecoveryd_t)  is probably what you need.
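An added example (not part of the original messages): a small Python triage helper that parses the AVC record quoted above and flags the situation Dan describes, where the SELinux user on the object being created differs from the user the process runs as. The function names and the second, same-user record are constructed for illustration.

```python
import re

# The AVC record quoted in the thread, rejoined onto one line.
THREAD_AVC = (
    'type=AVC msg=audit(1369081665.408:8113): avc: denied { create } for '
    'pid=18379 comm="usermod" name="passwd+" '
    'scontext=specialuser_u:system_r:pwrecoveryd_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file')
# Constructed contrast record (not from the thread): same SELinux user on both sides.
SAME_USER_AVC = THREAD_AVC.replace("scontext=specialuser_u", "scontext=system_u")


def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % ctx)
    return dict(zip(("user", "role", "type", "level"), parts + [""]))


def parse_avc(line):
    """Return the decision, permissions and both contexts of one AVC record."""
    head = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}", line)
    if head is None:
        raise ValueError("not an AVC record")
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {
        "decision": head.group(1),
        "perms": head.group(2).split(),
        "comm": kv.get("comm", "").strip('"'),
        "tclass": kv["tclass"],
        "source": split_context(kv["scontext"]),
        "target": split_context(kv["tcontext"]),
    }


def triage(line):
    """Flag denials where the object's SELinux user differs from the process's."""
    avc = parse_avc(line)
    src, tgt = avc["source"], avc["target"]
    changed = avc["decision"] == "denied" and src["user"] != tgt["user"]
    hint = ""
    if changed:
        hint = ("%s (%s) asked for { %s } on a %s labeled with user %s while "
                "running as %s: the SELinux user component changes"
                % (avc["comm"], src["type"], " ".join(avc["perms"]),
                   avc["tclass"], tgt["user"], src["user"]))
    return {"user_changed": changed, "domain": src["type"], "hint": hint}


if __name__ == "__main__":
    for record in (THREAD_AVC, SAME_USER_AVC):
        print(triage(record))
```

A record flagged this way points at the user component of the contexts rather than at a missing allow rule for the type, which matches the title of this thread.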


