On Sun, Aug 21, 2022 at 5:21 PM Philip Prindeville <philipp_s...@redfish-solutions.com> wrote:

> Since July 6, I've been seeing a lot of AVC's though I've not changed
> anything in my policies. Any ideas why?
>
> The majority seem to be device_t:sock_file write which implies to me that
> it's a macro that's missing in the base policies.

The denials rather indicate some problem on your filesystem. Are you aware of any recent changes?

> [root@mail mail]# ausearch -m avc | audit2allow
>
>
> #============= antivirus_t ==============
> allow antivirus_t device_t:sock_file write;

...trimmed

Just guessing, but try to execute the following command to display incorrect labels:

# restorecon -Rvn /run/systemd/journal

or even (which can take a long time)

# restorecon -Rvn /

To troubleshoot further, show currently mounted filesystems, installed selinux-policy packages, and enable full auditing:

# mount | grep tmpfs
# rpm -qa "selinux-policy*"

1) Open the /etc/audit/rules.d/audit.rules file in an editor.
2) Remove the following line if it exists:
   -a task,never
3) Add the following line to the end of the file:
   -w /etc/shadow -p w
4) Restart the audit daemon:
   # service auditd restart
5) Re-run your scenario.
6) Collect AVC denials:
   # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today

> And this may or may not be related, but I'm also getting a lot of ssh
> dropped connections:
>
> ssh_dispatch_run_fatal: Connection to 192.168.4.3 port 22: message
> authentication code incorrect

This cannot be assessed without any data.

--
Zdenek Pytela
Security SELinux team
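Added example, not part of the original message or of any Fedora tooling: a Python script that pairs each AVC denial in raw audit.log text with the PATH record of the same event, so the object behind a device_t:sock_file denial can be checked with restorecon -vn. The log lines are constructed, the function names are hypothetical, and the script assumes that full auditing adds a PATH record to the AVC's event.

```python
import re
from collections import defaultdict

# Constructed sample of raw audit.log records (not taken from the thread).
# Event 456 was logged with full auditing (a PATH record is present);
# event 460 was logged without it, so only the AVC record exists.
SAMPLE_LOG = """\
type=AVC msg=audit(1661100000.123:456): avc:  denied  { write } for  pid=1234 comm="clamd" name="log" dev="devtmpfs" ino=12345 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1661100000.123:456): arch=c000003e syscall=42 success=no exit=-13 comm="clamd" exe="/usr/sbin/clamd"
type=PATH msg=audit(1661100000.123:456): item=0 name="/dev/log" inode=12345 obj=system_u:object_r:device_t:s0 nametype=NORMAL
type=AVC msg=audit(1661100007.500:460): avc:  denied  { write } for  pid=1234 comm="clamd" name="log" dev="devtmpfs" ino=12345 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file permissive=0
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
AVC = re.compile(r"denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
PATH_NAME = re.compile(r'\bname="([^"]+)"')

def summarize_denials(log_text):
    """Group records by audit event ID and attach PATH names to each AVC."""
    events = defaultdict(lambda: {"avc": [], "paths": []})
    for line in log_text.splitlines():
        event = EVENT_ID.search(line)
        if not event:
            continue
        records = events[event.group(1)]
        if line.startswith("type=AVC"):
            avc = AVC.search(line)
            if avc:
                records["avc"].append(avc.groups())
        elif line.startswith("type=PATH"):
            path = PATH_NAME.search(line)
            if path:
                records["paths"].append(path.group(1))
    denials = []
    for event_id, records in events.items():
        for perms, scontext, tcontext, tclass in records["avc"]:
            denials.append({
                "event": event_id,
                "source": scontext.split(":")[2],  # type field of user:role:type:level
                "target": tcontext.split(":")[2],
                "tclass": tclass,
                "perms": perms.split(),
                "paths": records["paths"],  # empty without full auditing
            })
    return denials

def relabel_candidates(denials, target="device_t", tclass="sock_file"):
    """Paths of denied objects with the given label, to check with restorecon -vn."""
    return sorted({p for d in denials
                   if d["target"] == target and d["tclass"] == tclass
                   for p in d["paths"]})

if __name__ == "__main__":
    for path in relabel_candidates(summarize_denials(SAMPLE_LOG)):
        print("restorecon -vn", path)
```
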
devel mailing list -- devel@lists.fedoraproject.org