View Issue Details

IDProjectCategoryView StatusLast Update
0017756CentOS-7selinux-policypublic2020-09-26 17:15
Reporterdarkrai005 Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0017756: SELinux is preventing newaliases from 'open' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6.
DescriptionDescription of problem:
SELinux is preventing newaliases from 'open' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that newaliases should be allowed open access on the disable_ipv6 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'newaliases' --raw | audit2allow -M my-newaliases
# semodule -i my-newaliases.pp

Additional Information:
Source Context unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c
Target Context system_u:object_r:sysctl_net_t:s0
Target Objects /proc/sys/net/ipv6/conf/all/disable_ipv6 [ file ]
Source newaliases
Source Path newaliases
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-266.el7_8.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1127.19.1.el7.x86_64 #1 SMP
                              Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64
Alert Count 1
First Seen 2020-09-26 02:18:27 IST
Last Seen 2020-09-26 02:18:27 IST
Local ID be5d0725-7273-47d2-9e72-5d7921599215

Raw Audit Messages
type=AVC msg=audit(1601066907.631:795): avc: denied { open } for pid=25355 comm="newaliases" path="/proc/sys/net/ipv6/conf/all/disable_ipv6" dev="proc" ino=303 scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=0

Hash: newaliases,system_mail_t,sysctl_net_t,file,open

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1127.19.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2020-09-26 17:15

manager   ~0037738

newaliases doesn't normally access anything below /proc so please provide the output of " rpm -qf $(which newaliases) "

Issue History

Date Modified Username Field Change
2020-09-25 21:03 darkrai005 New Issue
2020-09-26 17:15 ManuelWolfshant Note Added: 0037738