selinux
Page 1 of 1
selinux
by tangy2 Mon Oct 07, 2013 3:33 pm
SELinux is preventing systemd-readahe from read access on the chr_file urandom.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow global to ssp
Then you must tell SELinux about this by enabling the 'global_ssp' boolean.
You can read 'None' man page for more details.
Do
setsebool -P global_ssp 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that systemd-readahe should be allowed read access on the urandom chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:readahead_t:s0
Target Context system_u:object_r:urandom_device_t:s0
Target Objects urandom [ chr_file ]
Source systemd-readahe
Source Path systemd-readahe
Port
Host localhost.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.12.1-75.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain 3.11.3-301.fc20.x86_64
#1 SMP Thu Oct 3 00:57:21 UTC 2013 x86_64 x86_64
Alert Count 2
First Seen 2013-10-07 15:31:37 PDT
Last Seen 2013-10-07 15:31:59 PDT
Local ID d77054f3-d815-454b-bc6a-3be6eef6d706
Raw Audit Messages
type=AVC msg=audit(1381185119.65:458): avc: denied { read } for pid=221 comm="systemd-readahe" name="urandom" dev="devtmpfs" ino=5981 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Hash: systemd-readahe,readahead_t,urandom_device_t,chr_file,read
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow global to ssp
Then you must tell SELinux about this by enabling the 'global_ssp' boolean.
You can read 'None' man page for more details.
Do
setsebool -P global_ssp 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that systemd-readahe should be allowed read access on the urandom chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:readahead_t:s0
Target Context system_u:object_r:urandom_device_t:s0
Target Objects urandom [ chr_file ]
Source systemd-readahe
Source Path systemd-readahe
Port
Host localhost.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.12.1-75.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain 3.11.3-301.fc20.x86_64
#1 SMP Thu Oct 3 00:57:21 UTC 2013 x86_64 x86_64
Alert Count 2
First Seen 2013-10-07 15:31:37 PDT
Last Seen 2013-10-07 15:31:59 PDT
Local ID d77054f3-d815-454b-bc6a-3be6eef6d706
Raw Audit Messages
type=AVC msg=audit(1381185119.65:458): avc: denied { read } for pid=221 comm="systemd-readahe" name="urandom" dev="devtmpfs" ino=5981 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Hash: systemd-readahe,readahead_t,urandom_device_t,chr_file,read
tangy2- Posts : 805
money : 874
bitches : 10
Join date : 2013-10-03
Age : 27
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|