How to whitelist a user avc?

Miroslav Grepl mgrepl at redhat.com
Tue Sep 29 08:57:07 UTC 2015


On 09/28/2015 10:34 PM, Bruno Wolff III wrote:
> I have a problem in F23 (that wasn't in F22), where getmail (or its feed
> into qmail) doesn't work in enforcing mode. I first tried using
> audit2allow to whitelist all of the avcs.

Could you attach them?

There could also be a selinux_err message in audit.log.

> That didn't work. Then I used
> semodule -DB in case there was a don't audit rule and then used
> audit2allow again to get the data for a local semodule and it still
> didn't work. I am seeing a user avc in the logs, that I suspect isn't
> getting handled by audit2allow, but I am not sure how to say it's OK or
> change things so I don't hit it:
> type=USER_AVC msg=audit(1443471901.485:584): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission
> stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=?
> addr=? terminal=?'
> 
> I tried searching for some of the text, but I didn't find any relevant
> references.


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
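
Added example, not part of either message and not code from the SELinux project: a small Python triage that separates audit records carrying a full `avc: denied` tuple (permission, source context, target context, class) from records like the USER_AVC quoted above, which names only a permission and a class. The function names and the two contrast records are constructed for illustration.

```python
import re

# Constructed sample input: the first line is the USER_AVC record quoted in the
# post, joined onto one line; the other two are made-up denials for contrast.
SAMPLE_LOG = """\
type=USER_AVC msg=audit(1443471901.485:584): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1443471902.100:585): avc:  denied  { read } for  pid=2001 comm="example" name="example.conf" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1443471903.200:586): pid=1 uid=0 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=1000 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
DENIED = re.compile(
    r"avc:\s+denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
UNKNOWN = re.compile(r"Unknown permission (\S+) for class (\S+)")


def classify(line):
    """Return a dict describing one audit record, or None if it is not one."""
    head = HEADER.match(line)
    if not head:
        return None
    rec = {"type": head.group(1), "serial": int(head.group(3)), "kind": "other"}
    denied = DENIED.search(line)
    unknown = UNKNOWN.search(line)
    if denied:
        # Full (permission, source, target, class) tuple is present.
        rec.update(kind="denial", perms=denied.group(1).split(),
                   scontext=denied.group(2), tcontext=denied.group(3),
                   tclass=denied.group(4))
    elif unknown:
        # Only a permission and a class name; the record carries no contexts.
        rec.update(kind="unknown_permission", perms=[unknown.group(1)],
                   tclass=unknown.group(2))
    return rec


def triage(log_text):
    """Classify every audit record in log_text, skipping non-record lines."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["serial"], rec["type"], rec["kind"],
              rec.get("perms"), rec.get("tclass"))
```
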

