sajjads24

selinux error

Aug 15th, 2017
SELinux is preventing systemd-tmpfile from using the dac_read_search capability.

*****  Plugin dac_override (91.4 confidence) suggests   **********************

If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and generate the error again.
Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

*****  Plugin catchall (9.59 confidence) suggests   **************************

If you believe that systemd-tmpfile should have the dac_read_search capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-tmpfile' --raw | audit2allow -M my-systemdtmpfile
# semodule -X 300 -i my-systemdtmpfile.pp

Additional Information:
Source Context                system_u:system_r:systemd_tmpfiles_t:s0
Target Context                system_u:system_r:systemd_tmpfiles_t:s0
Target Objects                Unknown [ capability ]
Source                        systemd-tmpfile
Source Path                   systemd-tmpfile
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-260.3.fc26.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 4.12.5-300.fc26.x86_64
                              #1 SMP Mon Aug 7 15:27:25 UTC 2017 x86_64 x86_64
Alert Count                   240
First Seen                    2017-08-15 18:19:26 +0430
Last Seen                     2017-08-15 18:19:26 +0430
Local ID                      7741404c-0cce-471f-9b5c-4c507d0b3ff2

Raw Audit Messages
type=AVC msg=audit(1502804966.863:470): avc:  denied  { dac_read_search } for  pid=1988 comm="systemd-tmpfile" capability=2  scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=0

Hash: systemd-tmpfile,systemd_tmpfiles_t,systemd_tmpfiles_t,capability,dac_read_search