View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0018029 | CentOS-7 | selinux-policy | public | 2021-01-21 17:46 | 2021-01-21 17:46 |
| Reporter | forwishes | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0018029: SELinux is preventing chcon from using the 'mac_admin' capabilities. | ||||
| Description | Description of problem: maybe when using the sonnet software SELinux is preventing chcon from using the 'mac_admin' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that chcon should have the mac_admin capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'chcon' --raw | audit2allow -M my-chcon # semodule -i my-chcon.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects Unknown [ capability2 ] Source chcon Source Path chcon Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 x86_64 Alert Count 4 First Seen 2021-01-22 00:44:09 CST Last Seen 2021-01-22 00:44:12 CST Local ID 628ae028-dedc-44fe-95b2-b60079a85d3a Raw Audit Messages type=AVC msg=audit(1611247452.853:317): avc: denied { mac_admin } for pid=14724 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 permissive=0 Hash: chcon,unconfined_t,unconfined_t,capability2,mac_admin Version-Release number of selected component: selinux-policy-3.13.1-268.el7_9.2.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.11.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 4b2836aaae5f8a6b2910ce9e37529854d3c26f7aee986b386d8fea9801a94701 | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-01-21 17:46 | forwishes | New Issue |
