python2.7 using sys_admin capability

Support for security such as Firewalls and securing linux
Post Reply
bayupermadi
Posts: 7
Joined: 2017/07/03 05:20:55
Location: Malang, Indonesia

python2.7 using sys_admin capability

Post by bayupermadi » 2017/11/08 11:54:25

Hi,

Today I found in my messages log about some applications want to use `sys_admin` capability to execute. Luckily this prevented by selinux active. Here is the logs I found out
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
auditd[889]: Audit daemon rotating log files with keep option
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
setroubleshoot: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability. For complete SELinux messages. run sealert -l 29fca89a-22e6-4d70-9c17-4bc7db77e840
python: SELinux is preventing /usr/bin/python2.7 from using the sys_admin capability.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python2.7 should have the sys_admin capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
I've looking for the messages meaning but can't find it. Is it consider as bug? about 2 weeks ago I install Java 9 provided by Oracle. Is it related with this kind of message?

Thank you for your reply

Regards,


Bayu Permadi

Post Reply