Code:
Feb 13 15:18:37 prom1 platform-python[23599]: SELinux is preventing /usr/bin/cat from search access on the directory rpc.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that cat should be allowed search access on the rpc directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'cat' --raw | audit2allow -M my-cat#012# semodule -X 300 -i my-cat.pp#012
Feb 13 15:18:40 prom1 setroubleshoot[23599]: SELinux is preventing cat from getattr access on the file /proc/<pid>/net/rpc/nfsd. For complete SELinux messages run: sealert -l b7828754-85ae-4b0e-a61c-6de745885369
Feb 13 15:18:40 prom1 platform-python[23599]: SELinux is preventing cat from getattr access on the file /proc/<pid>/net/rpc/nfsd.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that cat should be allowed getattr access on the nfsd file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'cat' --raw | audit2allow -M my-cat#012# semodule -X 300 -i my-cat.pp#012
Feb 13 15:20:00 prom1 systemd[1]: Starting system activity accounting tool...
Feb 13 15:20:00 prom1 systemd[1]: Started system activity accounting tool.
Feb 13 15:22:34 prom1 sssd[kcm][15824]: Shutting down
Feb 13 15:23:36 prom1 dbus-daemon[1131]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.19551' (uid=0 pid=23590 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Feb 13 15:23:36 prom1 dbus-daemon[1131]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Feb 13 15:23:37 prom1 setroubleshoot[23631]: SELinux is preventing /usr/bin/cat from search access on the directory rpc. For complete SELinux messages run: sealert -l 429fa616-ceda-4436-be6d-5c3f1ada3462
Feb 13 15:23:37 prom1 platform-python[23631]: SELinux is preventing /usr/bin/cat from search access on the directory rpc.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that cat should be allowed search access on the rpc directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'cat' --raw | audit2allow -M my-cat#012# semodule -X 300 -i my-cat.pp#012
Feb 13 15:23:40 prom1 setroubleshoot[23631]: SELinux is preventing /usr/sbin/zpool from 'read, write' accesses on the chr_file zfs. For complete SELinux messages run: sealert -l 56a12972-324c-461e-8df4-92225b0cb42f
Feb 13 15:23:40 prom1 platform-python[23631]: SELinux is preventing /usr/sbin/zpool from 'read, write' accesses on the chr_file zfs.#012#012***** Plugin device (91.4 confidence) suggests ****************************#012#012If you want to allow zpool to have read write access on the zfs chr_file#012Then you need to change the label on zfs to a type of a similar device.#012Do#012# semanage fcontext -a -t SIMILAR_TYPE 'zfs'#012# restorecon -v 'zfs'#012#012***** Plugin catchall (9.59 confidence) suggests **************************#012#012If you believe that zpool should be allowed read write access on the zfs chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zpool' --raw | audit2allow -M my-zpool#012# semodule -X 300 -i my-zpool.pp#012
Feb 13 15:23:43 prom1 setroubleshoot[23631]: failed to retrieve rpm info for /dev/zfs
Feb 13 15:23:43 prom1 setroubleshoot[23631]: SELinux is preventing zpool from open access on the chr_file /dev/zfs. For complete SELinux messages run: sealert -l fe70b75d-d838-4419-8b19-4b35f3ca45b3
Feb 13 15:23:43 prom1 platform-python[23631]: SELinux is preventing zpool from open access on the chr_file /dev/zfs.#012#012***** Plugin device (91.4 confidence) suggests ****************************#012#012If you want to allow zpool to have open access on the zfs chr_file#012Then you need to change the label on /dev/zfs to a type of a similar device.#012Do#012# semanage fcontext -a -t SIMILAR_TYPE '/dev/zfs'#012# restorecon -v '/dev/zfs'#012#012***** Plugin catchall (9.59 confidence) suggests **************************#012#012If you believe that zpool should be allowed open access on the zfs chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zpool' --raw | audit2allow -M my-zpool#012# semodule -X 300 -i my-zpool.pp#012
Feb 13 15:23:55 prom1 dbus-daemon[1131]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.19551' (uid=0 pid=23590 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Feb 13 15:23:55 prom1 dbus-daemon[1131]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Feb 13 15:23:55 prom1 setroubleshoot[23668]: failed to retrieve rpm info for /dev/zfs
Feb 13 15:23:55 prom1 setroubleshoot[23668]: SELinux is preventing zpool from ioctl access on the chr_file /dev/zfs. For complete SELinux messages run: sealert -l 302d7bf3-b954-4fbf-8e16-ea2e6b38b225
Feb 13 15:23:55 prom1 platform-python[23668]: SELinux is preventing zpool from ioctl access on the chr_file /dev/zfs.#012#012***** Plugin device (91.4 confidence) suggests ****************************#012#012If you want to allow zpool to have ioctl access on the zfs chr_file#012Then you need to change the label on /dev/zfs to a type of a similar device.#012Do#012# semanage fcontext -a -t SIMILAR_TYPE '/dev/zfs'#012# restorecon -v '/dev/zfs'#012#012***** Plugin catchall (9.59 confidence) suggests **************************#012#012If you believe that zpool should be allowed ioctl access on the zfs chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zpool' --raw | audit2allow -M my-zpool#012# semodule -X 300 -i my-zpool.pp#012
This is /etc/selinux/config
Code:
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted