start > seLinux > Fix Problems
(2021-10-05)
… then it works.
Scroll down to the bottom; the last entry starts with:
Now when I enable enforcement and restart snmpd again, everything works.
CentOS 8 Problem: autofs isn't using /etc/auto.nfs to mount things.
Error in /var/log/audit/audit.log:audit.log:type=AVC msg=audit(1633441257.707:78): avc: denied { read } for pid=1346 comm="automount" name="auto.master" dev="sda2" ino=33588565 scontext=system_u:system_r:automount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0Solution
# ausearch -c "automount"
time->Tue Oct 5 09:40:57 2021
type=PROCTITLE msg=audit(1633441257.707:78): proctitle=2F7573722F7362696E2F6175746F6D6F756E74002D2D73797374656D642D73657276696365002D2D646F6E742D636865636B2D6461656D6F6E
type=SYSCALL msg=audit(1633441257.707:78): arch=c000003e syscall=21 success=no exit=-13 a0=562e4d0d7e60 a1=4 a2=7fff45df2010 a3=0 items=0 ppid=1 pid=1346 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 key=(null)
type=AVC msg=audit(1633441257.707:78): avc: denied { read } for pid=1346 comm="automount" name="auto.master" dev="sda2" ino=33588565 scontext=system_u:system_r:automount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0# ausearch -c "automount" | audit2allow -M my-auto.master
******************** IMPORTANT ***********************
To make this policy package active, execute:semodule -i my-auto.master.pp# semodule -i my-auto.master.pp
#Previously
(2017-09-20)Example Problem
I'm on a CentOS 7.4.1708 system. I copied /etc/snmp/snmpd.conf from another system. When I query snmpd, I get nothing back. If I issue a# setenforce 0
Troubleshooting
# yum -y install setroubeshoot < ten million RPMs install ># sealert -a /var/log/audit/audit.log | less
SELinux is preventing /usr/sbin/snmpd from getattr access on the file /etc/snmp/snmpd.conf.***** Plugin restorecon (99.5 confidence) suggests ************************If you want to fix the label. /etc/snmp/snmpd.conf default label should be etc_t. Then you can run restorecon. Do # /sbin/restorecon -v /etc/snmp/snmpd.conf
Solution
# /sbin/restorecon -v /etc/snmp/snmpd.conf /sbin/restorecon reset /etc/snmp/snmpd.conf context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:etc_t:s0
Commentary
That was much less painful than previous expeditions into selinux. It still isn't clear what's going on, but figuring out what's wrong and how to fix it quickly is much easier. It would be nice if the setroubleshoot tool didn't decide you needed a bunch of X dependencies though.
no comments |
post comment
Virtual Dave Megaplex:
Home Page- This wiki's start page
- Send Feedback To Dave
Logged in Users: (0)
Recently Changed
List Connected Users- Test TLS version
- Fix Problems
- Microsoft Teams
- failed to load driver: swrast
- List Logged In Users On Remote System
- List Servers in an AD
- iPerf3 Client
- Useful tshark Examples
- Top Talkers
- Displaying Logs From Console
- pubkey
- Permanent Static Routing
- Add IP Information To issue File
- SSH Pubkey doesn't work
- VM under VMWare Player won't resize screen on drag
- Looping Over Files With Spaces In Their Names
- DHCP Reservations
- PHP 7
- Find Transparent Proxy Systems
- Active Directory with SSSD
- Could Not Format Alternate Root
- Use User's Password As Enable Password
- VPN Status
- Startup Control
- nbtstat for Linux
- Additional Disk
- SSH pubkey authentication
- CLI Restore Configuration
- Example nmcli Commands
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.