View Issue Details

IDProjectCategoryView StatusLast Update
0017148CentOS-7selinux-policypublic2020-03-13 15:00
Reportersomohano Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0017148: SELinux is preventing /app/agent from 'connectto' accesses on the unix_stream_socket /run/docker.sock.
DescriptionDescription of problem:
el iniciar el servicio de docker
SELinux is preventing /app/agent from 'connectto' accesses on the unix_stream_socket /run/docker.sock.

***** Plugin catchall (100. confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a agent el acceso connectto sobre docker.sock unix_stream_socket.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
permita el acceso temporalmente ejecutando:
# ausearch -c 'agent' --raw | audit2allow -M mi-agent
# semodule -i mi-agent.pp

Additional Information:
Source Context system_u:system_r:container_t:s0:c588,c773
Target Context system_u:system_r:container_runtime_t:s0
Target Objects /run/docker.sock [ unix_stream_socket ]
Source agent
Source Path /app/agent
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.12.1.el7.x86_64 #1 SMP
                              Mon Apr 29 14:59:59 UTC 2019 x86_64 x86_64
Alert Count 1
First Seen 2020-03-13 15:53:29 CET
Last Seen 2020-03-13 15:53:29 CET
Local ID e2400398-1ab2-45f3-af84-aeada184ed17

Raw Audit Messages
type=AVC msg=audit(1584111209.535:2001): avc: denied { connectto } for pid=3686 comm="agent" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c588,c773 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0

type=SYSCALL msg=audit(1584111209.535:2001): arch=x86_64 syscall=connect success=no exit=EACCES a0=3 a1=c0003ca410 a2=17 a3=0 items=0 ppid=3660 pid=3686 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=agent exe=/app/agent subj=system_u:system_r:container_t:s0:c588,c773 key=(null)

Hash: agent,container_t,container_runtime_t,unix_stream_socket,connectto

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-03-13 15:00 somohano New Issue