View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017756 | CentOS-7 | selinux-policy | public | 2020-09-25 21:03 | 2020-09-26 17:15 |
| Reporter | darkrai005 | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0017756: SELinux is preventing newaliases from 'open' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6. | ||||
| Description | Description of problem: SELinux is preventing newaliases from 'open' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that newaliases should be allowed open access on the disable_ipv6 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'newaliases' --raw | audit2allow -M my-newaliases # semodule -i my-newaliases.pp Additional Information: Source Context unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c 1023 Target Context system_u:object_r:sysctl_net_t:s0 Target Objects /proc/sys/net/ipv6/conf/all/disable_ipv6 [ file ] Source newaliases Source Path newaliases Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-266.el7_8.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 Alert Count 1 First Seen 2020-09-26 02:18:27 IST Last Seen 2020-09-26 02:18:27 IST Local ID be5d0725-7273-47d2-9e72-5d7921599215 Raw Audit Messages type=AVC msg=audit(1601066907.631:795): avc: denied { open } for pid=25355 comm="newaliases" path="/proc/sys/net/ipv6/conf/all/disable_ipv6" dev="proc" ino=303 scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=0 Hash: newaliases,system_mail_t,sysctl_net_t,file,open Version-Release number of selected component: selinux-policy-3.13.1-266.el7_8.1.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1127.19.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | d2568155d534131885c5fc99c92e2440735afb88c4843b3e2360cd478980100c | ||||
| URL | |||||
 |
newaliases doesn't normally access anything below /proc so please provide the output of " rpm -qf $(which newaliases) " |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-09-25 21:03 | darkrai005 | New Issue | |
| 2020-09-26 17:15 | ManuelWolfshant | Note Added: 0037738 |
