View Issue Details

IDProjectCategoryView StatusLast Update
0018359CentOS-7selinux-policypublic2021-11-23 15:49
Reporterhaoyahao3 Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0018359: SELinux is preventing auditd from using the 'fowner' capabilities.
DescriptionDescription of problem:
SELinux is preventing auditd from using the 'fowner' capabilities.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that auditd should have the fowner capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'auditd' --raw | audit2allow -M my-auditd
# semodule -i my-auditd.pp

Additional Information:
Source Context system_u:system_r:auditd_t:s0
Target Context system_u:system_r:auditd_t:s0
Target Objects Unknown [ capability ]
Source auditd
Source Path auditd
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 5.15.0-1.el7.elrepo.x86_64 #1 SMP
                              Sun Oct 31 17:19:16 EDT 2021 x86_64 x86_64
Alert Count 3
First Seen 2021-11-09 19:37:57 CST
Last Seen 2021-11-22 00:23:46 CST
Local ID c5cc5617-8f5a-4197-908f-5ceb5f2753cb

Raw Audit Messages
type=AVC msg=audit(1637511826.848:33194): avc: denied { fowner } for pid=2784 comm="auditd" capability=3 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability permissive=0

Hash: auditd,auditd_t,auditd_t,capability,fowner

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 5.15.0-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2021-11-23 15:49

manager   ~0038748

Please relabel your system, I am pretty sure that both this error and the other one that you have reported are caused by a mislabel

Issue History

Date Modified Username Field Change
2021-11-23 09:04 haoyahao3 New Issue
2021-11-23 15:49 ManuelWolfshant Note Added: 0038748