View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017148 | CentOS-7 | selinux-policy | public | 2020-03-13 15:00 | 2020-03-13 15:00 |
| Reporter | somohano | ||||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Platform | OS | OS Version | 7 | ||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0017148: SELinux is preventing /app/agent from 'connectto' accesses on the unix_stream_socket /run/docker.sock. | ||||
| Description | Description of problem: el iniciar el servicio de docker SELinux is preventing /app/agent from 'connectto' accesses on the unix_stream_socket /run/docker.sock. ***** Plugin catchall (100. confidence) suggests ************************** Si cree que de manera predeterminada se debería permitir a agent el acceso connectto sobre docker.sock unix_stream_socket. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso temporalmente ejecutando: # ausearch -c 'agent' --raw | audit2allow -M mi-agent # semodule -i mi-agent.pp Additional Information: Source Context system_u:system_r:container_t:s0:c588,c773 Target Context system_u:system_r:container_runtime_t:s0 Target Objects /run/docker.sock [ unix_stream_socket ] Source agent Source Path /app/agent Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-957.12.1.el7.x86_64 #1 SMP Mon Apr 29 14:59:59 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2020-03-13 15:53:29 CET Last Seen 2020-03-13 15:53:29 CET Local ID e2400398-1ab2-45f3-af84-aeada184ed17 Raw Audit Messages type=AVC msg=audit(1584111209.535:2001): avc: denied { connectto } for pid=3686 comm="agent" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c588,c773 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0 type=SYSCALL msg=audit(1584111209.535:2001): arch=x86_64 syscall=connect success=no exit=EACCES a0=3 a1=c0003ca410 a2=17 a3=0 items=0 ppid=3660 pid=3686 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=agent exe=/app/agent subj=system_u:system_r:container_t:s0:c588,c773 key=(null) Hash: agent,container_t,container_runtime_t,unix_stream_socket,connectto Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.12.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.12.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 56566c9d71179e70874b1c58d69ceaecf73834cd20e474a85d296517d962f1e3 | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-03-13 15:00 | somohano | New Issue |
