Unexpected behavior in permissive mode

Joseph L. Casale jcasale at activenetwerx.com
Sat Apr 4 01:05:57 UTC 2015


With the policy updates that came with the CentOS 7.1 update, I am trying to
update a few local policies we have, but with `setenforce 0` I do not get
an avc at all when running my app. However, enabling it and rerunning it
generates one, but without seeing them all that approach would be like
whack-a-mole.

The avc I am getting after setenforce 1 is run is:

type=AVC msg=audit(1428109185.330:570): avc:  denied  { execute_no_trans } for  pid=3953 comm="su" path="/usr/sbin/unix_chkpwd" dev="dm-0" ino=25468477 scontext=system_u:system_r:bacula_t:s0 tcontext=sytype=SYSCAL

Why does this not trigger a denial in permissive mode?

Thanks,
jlc

