I have been getting the following SElinux alert:
SELinux is preventing key.dns_resolve from setattr access on the key
labeled kernel_t.
Is it safe to create a rule to ignore this? Known issue?
--
___
users mailing list -- users@lists.fedoraproject.org
dac_read_search says that linux permissions are denying access.
and it says the file is /etc/shadow, and no one except root is
supposed to be able to read that file.
So whatever is trying to read /etc/shadow should not be trying to read
it, and makes me wonder what is going on, and/or why some pr
On 1/6/22 11:53, George N. White III wrote:
On Thu, 6 Jan 2022 at 11:13, Robert Moskowitz wrote:
On 1/5/22 23:10, Samuel Sieb wrote:
> On 1/5/22 18:18, Robert Moskowitz wrote:
>> On 1/5/22 21:16, Ed Greshko wrote:
>>> On 06/01/2022 09:25, Robert Moskowitz wrote:
On Thu, 6 Jan 2022 at 11:13, Robert Moskowitz wrote:
>
>
> On 1/5/22 23:10, Samuel Sieb wrote:
> > On 1/5/22 18:18, Robert Moskowitz wrote:
> >> On 1/5/22 21:16, Ed Greshko wrote:
> >>> On 06/01/2022 09:25, Robert Moskowitz wrote:
>
>
> On 1/5/22 17:17, Ed Greshko wrote:
> > On
On 1/5/22 23:10, Samuel Sieb wrote:
On 1/5/22 18:18, Robert Moskowitz wrote:
On 1/5/22 21:16, Ed Greshko wrote:
On 06/01/2022 09:25, Robert Moskowitz wrote:
On 1/5/22 17:17, Ed Greshko wrote:
On 05/01/2022 21:02, Robert Moskowitz wrote:
If you want to help identify if domain needs this
On 1/5/22 18:18, Robert Moskowitz wrote:
On 1/5/22 21:16, Ed Greshko wrote:
On 06/01/2022 09:25, Robert Moskowitz wrote:
On 1/5/22 17:17, Ed Greshko wrote:
On 05/01/2022 21:02, Robert Moskowitz wrote:
If you want to help identify if domain needs this access or you
have a file with the wro
one seems to be home.
Here is the full detail; it looks like it may be logwatch causing
the problem. What do I do to fix this?
===
SELinux is preventing mktemp from using the dac_read_search
capability.
* Plugin dac_override (91.4 confidence) suggests
full detail; it looks like it may be logwatch causing the problem.
What do I do to fix this?
===
SELinux is preventing mktemp from using the dac_read_search capability.
* Plugin dac_override (91.4 confidence) suggests **
If you want to help identify if domain
causing the
problem. What do I do to fix this?
===
SELinux is preventing mktemp from using the dac_read_search capability.
* Plugin dac_override (91.4 confidence) suggests
**
If you want to help identify if domain needs this access or you have
a file with
fix this?
===
SELinux is preventing mktemp from using the dac_read_search capability.
* Plugin dac_override (91.4 confidence) suggests **
If you want to help identify if domain needs this access or you have a file
with the wrong permissions on your system
Then
I keep getting these errors.
I got them back with F32 and Xfce, and now with F35 and Xfce.
I asked on the SElinux list, but no one seems to be home.
Here is the full detail; it looks like it may be logwatch causing the
problem. What do I do to fix this?
===
SELinux is
I had this on F30 and pretty much ignored it. Now I am getting it on
this new F32 install:
What daily process is causing this?
SELinux is preventing mktemp from using the dac_read_search capability.
* Plugin dac_override (91.4 confidence) suggests **
If you want to
Looks like it wants you to fix your labels on /var/log
restorecon -R -v /var/log
On 10/22/2015 11:00 AM, Neal Becker wrote:
> Oct 22 10:59:22 nbecker2 setroubleshoot: Plugin Exception restorecon_source
> Oct 22 10:59:22 nbecker2 setroubleshoot: SELinux is preventing rsyslogd from
>
Oct 22 10:59:22 nbecker2 setroubleshoot: Plugin Exception restorecon_source
Oct 22 10:59:22 nbecker2 setroubleshoot: SELinux is preventing rsyslogd from
getattr access on the file
/var/log/journal/fccec5c8cc894bf498ba8ffed7383cd0/user-1000@000522048e0844a5-
c0bb6e169852fd4d.journal~. For
gt;>>>MAINTAINER Robert P. J. Day
>>>>>>>>ENV REFRESHED_AT 2015-08-18
>>>>>>>>
>>>>>>>>RUN apt-get -y -q update && apt-get -y -q install nginx
>>>>>>>>... snip ...
>>
R Robert P. J. Day
> >>>>>>ENV REFRESHED_AT 2015-08-18
> >>>>>>
> >>>>>>RUN apt-get -y -q update && apt-get -y -q install nginx
> >>>>>>... snip ...
> >>>>>>
> >&
-y -q install nginx
... snip ...
and it was *entirely* reproducible that the instant docker started to
process that "RUN apt-get" command, the wireless connection on my
Fedora 22 laptop was blown away. grabbed this from SELinux:
===== start =
SELinux is preventing /usr/libexec/ab
On 08/19/2015 08:03 AM, Robert P. J. Day wrote:
> On Wed, 19 Aug 2015, Daniel J Walsh wrote:
>
>> With SELinux disabled you should not be getting any AVC's
>>
>> If you turn SELInux back on and do a full relabel, I think the problem
>> will go away.
>>
>> Something is crashing though which is cau
>>>>
> >>>> and it was *entirely* reproducible that the instant docker started to
> >>>> process that "RUN apt-get" command, the wireless connection on my
> >>>> Fedora 22 laptop was blown away. grabbed this from SELinux:
> >>>>
> &
On Wed, 19 Aug 2015, Daniel J Walsh wrote:
> With SELinux disabled you should not be getting any AVC's
>
> If you turn SELInux back on and do a full relabel, I think the problem
> will go away.
>
> Something is crashing though which is causing the AVC
as in, enabled and not just permissive?
rd
2015-08-18
>>>>
>>>> RUN apt-get -y -q update && apt-get -y -q install nginx
>>>> ... snip ...
>>>>
>>>> and it was *entirely* reproducible that the instant docker started to
>>>> process that "RUN apt-get&quo
nstall nginx
> >> ... snip ...
> >>
> >> and it was *entirely* reproducible that the instant docker started to
> >> process that "RUN apt-get" command, the wireless connection on my
> >> Fedora 22 laptop was blown away. grabbed this from SELinu
tant docker started to
>> process that "RUN apt-get" command, the wireless connection on my
>> Fedora 22 laptop was blown away. grabbed this from SELinux:
>>
>> = start =
>>
>> SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigch
n my
> Fedora 22 laptop was blown away. grabbed this from SELinux:
>
> = start =
>
> SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld
> access on a process.
>
> * Plugin catchall (100. confidence) suggests **
>
&
apt-get -y -q install nginx
... snip ...
and it was *entirely* reproducible that the instant docker started to
process that "RUN apt-get" command, the wireless connection on my
Fedora 22 laptop was blown away. grabbed this from SELinux:
===== start =
SELinux is preventing /usr/libe
n wrote:
> >>> 2015-06-27 15:11 GMT+02:00, Andras Simon :
> >>>> Should I be worried about the $subject?
> >>> And there's also a "SELinux is preventing sh from execute access on
> >>> the file /usr/sbin/ldconfig" which I've onl
t;>> On 06/27/15 21:15, Andras Simon wrote:
>>>>> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>>>>> Should I be worried about the $subject?
>>>>> And there's also a "SELinux is preventing sh from execute access on
>>>>> the fil
> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>>>> Should I be worried about the $subject?
>>>> And there's also a "SELinux is preventing sh from execute access on
>>>> the file /usr/sbin/ldconfig" which I've only just noticed. It sound
worried about the $subject?
>>> And there's also a "SELinux is preventing sh from execute access on
>>> the file /usr/sbin/ldconfig" which I've only just noticed. It sounds
>>> even scarier.
>>>
>> Does your output match these?
>>
>&
[Sorry for the late answer, I was away from this machine.]
2015-06-28 1:01 GMT+02:00, Ed Greshko :
> On 06/27/15 21:15, Andras Simon wrote:
>> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>> Should I be worried about the $subject?
>> And there's also a "SELinux is
Hi Dan,
On Mon, Jun 29, 2015 at 06:09:29AM -0400, Daniel J Walsh wrote:
> On 06/28/2015 07:53 AM, Suvayu Ali wrote:
> >
> > time->Thu Jun 25 17:56:49 2015
I looked up dnf history for that time, the summary is attached.
> This is very strange. Doing ldconfig during a package update is
> expected
On 06/29/15 18:18, Daniel J Walsh wrote:
> Ok well I am stumped, one possible thing would be if firewalld somehow
> caused an rpm/yum/dnf transaction to happen.
Well, my ausearch -m avc gave me entries for only time->Sun Jun 21 08:20:44
2015.
I checked my dnf.rpm.logs and this was happening at th
gt;> On 06/27/15 21:15, Andras Simon wrote:
>>>>>> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>>>>>> Should I be worried about the $subject?
>>>>>> And there's also a "SELinux is preventing sh from execute access on
>>>>>
gt;> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>>>>> Should I be worried about the $subject?
>>>>> And there's also a "SELinux is preventing sh from execute access on
>>>>> the file /usr/sbin/ldconfig" which I've only just noticed. I
>>> Should I be worried about the $subject?
>>>> And there's also a "SELinux is preventing sh from execute access on
>>>> the file /usr/sbin/ldconfig" which I've only just noticed. It sounds
>>>> even scarier.
>>>>
>>
On Sun, Jun 28, 2015 at 06:04:38AM -0400, Daniel J Walsh wrote:
>
>
> On 06/27/2015 07:01 PM, Ed Greshko wrote:
> > On 06/27/15 21:15, Andras Simon wrote:
> >> 2015-06-27 15:11 GMT+02:00, Andras Simon :
> >>> Should I be worried about the $subject?
> >&
On 06/28/15 18:04, Daniel J Walsh wrote:
>
> On 06/27/2015 07:01 PM, Ed Greshko wrote:
>> On 06/27/15 21:15, Andras Simon wrote:
>>> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>>> Should I be worried about the $subject?
>>> And there's also a &
On 06/27/2015 07:01 PM, Ed Greshko wrote:
> On 06/27/15 21:15, Andras Simon wrote:
>> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>>> Should I be worried about the $subject?
>> And there's also a "SELinux is preventing sh from execute access on
>> the file
On 06/27/15 21:15, Andras Simon wrote:
> 2015-06-27 15:11 GMT+02:00, Andras Simon :
>> Should I be worried about the $subject?
> And there's also a "SELinux is preventing sh from execute access on
> the file /usr/sbin/ldconfig" which I've only just noticed. It
2015-06-27 15:11 GMT+02:00, Andras Simon :
> Should I be worried about the $subject?
And there's also a "SELinux is preventing sh from execute access on
the file /usr/sbin/ldconfig" which I've only just noticed. It sounds
even scarier.
Andras
--
users mailing list
users@
Should I be worried about the $subject?
Andras
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraprojec
On 04/16/2015 12:58 PM, Patrick O'Callaghan wrote:
On Thu, 2015-04-16 at 09:32 -0600, Lawrence E Graves wrote:
If you believe that chrome-sandbox should be allowed write access on
the oom_score_adj file by default.
Then you should report this as a bug.
Did you?
My thoughts exactly. Putting
On Thu, 2015-04-16 at 09:32 -0600, Lawrence E Graves wrote:
> If you believe that chrome-sandbox should be allowed write access on
> the oom_score_adj file by default.
> Then you should report this as a bug.
Did you?
poc
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or chan
SELinux is preventing chrome-sandbox from write access on the file
oom_score_adj.
* Plugin chrome (98.5 confidence) suggests
If you want to use the plugin package
Then you must turn off SELinux controls on the Chrome plugins.
Do
# setsebool -P
On 03/21/2015 02:03 PM, Lawrence E Graves wrote:
> SELinux is preventing abrt-dump-journ from read access on the file
> /usr/lib64/libreport.so.0.
>
> * Plugin restorecon (82.4 confidence) suggests
>
>
> If you want to fix the label.
> /
# ls -lZ /
root should have label
dr-xr-x---. 3 root root system_u:object_r:admin_home_t:s0 4096 Mar
21 11:44 root
If it doesn't.
restorecon -rv /
Chris Murphy
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/
SELinux is preventing abrt-dump-journ from read access on the file
/usr/lib64/libreport.so.0.
* Plugin restorecon (82.4 confidence) suggests
If you want to fix the label.
/usr/lib64/libreport.so.0 default label should be lib_t.
Then you can run restorecon.
Do
SELinux is preventing mkdir from write access on the directory root.
* Plugin catchall (100. confidence) suggests **
If you believe that mkdir should be allowed write access on the root
directory by default.
Then you should report this as a bug.
You can generate a
ing I need to do to get
> these alerts and warnings to cease? Any help would be appreciated!
>
> Thanx!
>
>
> EGO II
>
>
> SELinux is preventing /usr/lib/systemd/systemd-**hostnamed from open
> access on the file /sys/devices/virtual/dmi/id/**chass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/21/2013 07:23 AM, Roger wrote:
That is a permissive domain so actually nothing was being blocked by the
access. It should be fixed in the next update.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Th
On 02/21/2013 03:12 PM, Shane wrote:
On 02/20/2013 09:50 PM, Eddie G. O'Connor Jr. wrote:
I kep receiving messages like this every now and thenI'm just
wondering.should I be concerned? Is there something I need to do
to get these alerts and warnings to cease? Any help would be
apprecia
same issue today. It's a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=912616 . A fix was pushed
yesterday. I'm waiting on the fix.
Shane
Thanx!
EGO II
SELinux is preventing /usr/lib/systemd/systemd-hostnamed from open
access on the file /sys/devices/virtual
I kep receiving messages like this every now and thenI'm just
wondering.should I be concerned? Is there something I need to do to
get these alerts and warnings to cease? Any help would be appreciated!
Thanx!
EGO II
SELinux is preventing /usr/lib/systemd/systemd-hostnamed from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/24/2012 12:51 PM, SES wrote:
> I keep getting this security warning- anyone have any ideas?:
>
> SELinux is preventing /usr/bin/totem-video-thumbnailer from create access
> on the directory .gstreamer-0.10
>
>
> Thanks!
SES wrote:
> I keep getting this security warning- anyone have any ideas?:
>
> SELinux is preventing /usr/bin/totem-video-thumbnailer from create
> access on the directory .gstreamer-0.10
Please run this command and reply with the output:
$ restorecon -Rv ~/.gstreamer-0.10
See if
I keep getting this security warning- anyone have any ideas?:
SELinux is preventing /usr/bin/totem-video-thumbnailer from create
access on the directory .gstreamer-0.10
Thanks!
SES
--
"mysterium fide"
THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL
OR ENTITY TO W
On Fri, Feb 17, 2012 at 1:26 PM, SES wrote:
> What's up with these errors...they are persistant? see below...
>
> Thanks for your patience...I love Fedora!
>
> SES
>
> SELinux is preventing /usr/libexec/accounts-daemon from read access on
> the file cpuinfo.
Are yo
What's up with these errors...they are persistant? see below...
Thanks for your patience...I love Fedora!
SES
SELinux is preventing /usr/libexec/accounts-daemon from read access on
the file cpuinfo.
* Plugin catchall (100. confidence) suggests
***
If you be
On 01/27/2012 11:37 AM, Lawrence Graves wrote:
SELinux is preventing /bin/bash from execute_no_trans access on the None
/opt/brother/Printers/mfcj615w/lpd/filtermfcj615w.
I'm not sure what you want from us; are you asking for advice, or just
reporting the issue? If the former, I'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/27/2012 02:41 PM, Lawrence Graves wrote:
> SELinux is preventing /usr/bin/brprintconf_mfcj615w from write
> access on the None /opt/brother/Printers/mfcj615w/inf.
>
> * Plugin catchall (100. confiden
SELinux is preventing /usr/bin/brprintconf_mfcj615w from write access on
the None /opt/brother/Printers/mfcj615w/inf.
* Plugin catchall (100. confidence) suggests
***
If you believe that brprintconf_mfcj615w should be allowed write access
on the inf by default
SELinux is preventing /bin/bash from execute_no_trans access on the None
/opt/brother/Printers/mfcj615w/lpd/filtermfcj615w.
* Plugin catchall (100. confidence) suggests
***
If you believe that bash should be allowed execute_no_trans access on
the filtermfcj615w
SELinux is preventing /bin/bash from execute access on the None
/opt/brother/Printers/mfcj615w/cupswrapper/brcupsconfpt1.
* Plugin catchall (100. confidence) suggests
***
If you believe that bash should be allowed execute access on the
brcupsconfpt1 by default
some of the SELinux messages seeing now
in /mnt/sdc7/var/log/messages
on the enforcing=0 relabel attempt:
Dec 12 09:21:45 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from execute access on the file
/usr/lib/libgp11.so.0.0.0. For complete SELinux messages. run sealert
-l 002
On Mon, 12 Dec 2011, Daniel J Walsh wrote:
> > Suppose one makes a backup using rsync. What is the proper way to
> > back up the security labels along with the data?
> >
> > I tried using rsync's -X option, which is supposed to preserve
> > extended attributes. All that happened was I got a hu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/12/2011 12:38 PM, Alan Stern wrote:
> On Mon, 12 Dec 2011, David Quigley wrote:
>
>> It looks like your backup didn't backup the security labels. How
>> did you make the back up?
>
> Suppose one makes a backup using rsync. What is the proper w
On Mon, 12 Dec 2011, David Quigley wrote:
> It looks like your backup didn't backup the security labels. How did
> you make the back up?
Suppose one makes a backup using rsync. What is the proper way to
back up the security labels along with the data?
I tried using rsync's -X option, which is
4 kernel: [ 99.305929] Xorg:1655 freeing invalid
> memtype f88e8000-f88f8000
> Dec 10 10:49:45 f14 kernel: [ 99.305954] Xorg:1655 freeing invalid
> memtype f88f8000-f8908000
>
> Dec 10 10:49:47 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the
e f88f8000-f8908000
Dec 10 10:49:47 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /usr/bin/gnome-keyring-da
emon. For complete SELinux messages. run sealert -l
78e20e61-45c0-47c7-a7e5-760752d2ae93
Dec 10 10:49:50 f14 setroubleshoot: SELinux is preventing /bin/
On Tue, 07 Jun 2011 12:28:03 -0700, Joe Zeff wrote:
> On 06/07/2011 06:46 AM, Lawrence E Graves wrote:
>> SELinux is preventing
>> /usr/libexec/gnome-session-check-accelerated-helper from 'read, write'
>> accesses on the chr_file nvidiactl.
>
> Have you tri
On 06/07/2011 06:46 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper
> from 'read, write' accesses on the chr_file nvidiactl.
Have you tried following the instructions SELinux gives you? If so,
what happens; if not, wh
On 06/07/2011 09:54 PM, Daniel J Walsh wrote:
> There is an open bug for this with a fix moving through the process.
> Please do not spam the list with these alerts.
You may also want to consider trimming your responses to remove the
spam :-)
--
users mailing list
users@lists.fedoraproject.o
On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file
> /usr/local/Brother/sane/models3/ext4.ini.
>
> * Plugin catchall (100. confidence) suggests ***
>
> If you believe tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file
> /usr/local/Brother/sane/models3/ext4.ini.
>
> * Plugin catchall (100. confiden
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/07/2011 09:46 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper
> from 'read, write' accesses on the chr_file nvidiactl.
>
> * Plugin device (91.
SELinux is preventing /usr/libexec/colord from getattr access on the file
/usr/local/Brother/sane/models3/ext4.ini.
* Plugin catchall (100. confidence) suggests ***
If you believe that colord should be allowed getattr access on the ext4.ini
file by default.
Then
SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from
'read, write' accesses on the chr_file nvidiactl.
* Plugin device (91.4 confidence) suggests *
If you want to allow gnome-session-check-accelerated-helper to have read wri
This is what I got when using the command you given me. chcon command
SELinux is preventing /usr/libexec/colord from getattr access on the file
/usr/local/Brother/sane/models3/ext1.ini.
* Plugin catchall (100. confidence) suggests ***
If you believe that colord
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/06/2011 08:41 AM, Ed Greshko wrote:
> On 06/06/2011 08:19 PM, Lawrence E Graves wrote:
>> SELinux is preventing /usr/libexec/colord from getattr access on the file
>> /usr/local/Brother/sane/models3/ext4.ini.
>
> So, you&#
On 06/06/2011 08:19 PM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file
> /usr/local/Brother/sane/models3/ext4.ini.
So, you've installed a package supplied by Brother...and not from the
Fedora repository. So, it is certain
SELinux is preventing /usr/libexec/colord from getattr access on the file
/usr/local/Brother/sane/models3/ext4.ini.
* Plugin catchall (100. confidence) suggests ***
If you believe that colord should be allowed getattr access on the ext4.ini
file by default.
Then
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/23/2011 03:12 PM, Lawrence E Graves wrote:
> SELinux is preventing khidpd_0d620558 from write access on the socket Unknown.
>
> * Plugin catchall (100. confidence) suggests ***
>
> If y
SELinux is preventing khidpd_0d620558 from write access on the socket Unknown.
* Plugin catchall (100. confidence) suggests ***
If you believe that khidpd_0d620558 should be allowed write access on the
Unknown socket by default.
Then you should report this as a bug
83 matches
Mail list logo
