SELinux AVC denials coming in Centos7.3
SELinux AVC denials coming in Centos7.3
I'm getting Selinux AVC denials with new Centos7.3 due to which services are not coming up. We have tried loading policies related to denials ,but still observing those denials .? Can you please help to identify the reason?
Last edited by vyshnav on 2017/11/21 11:47:49, edited 1 time in total.
Re: SELinux AVC denials coming in Centos7.3
New and CentOS 7.3 are mutually contradictory - 7.4 is out, 7.3 is out of date.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: SELinux AVC denials coming in Centos7.3
Sorry am working in Centos7.3 , am hitting issue in CentOS7.3TrevorH wrote:New and CentOS 7.3 are mutually contradictory - 7.4 is out, 7.3 is out of date.
Re: SELinux AVC denials coming in Centos7.3
Yes but the point is, 7.3 is no more, you should be using 7.4.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: SELinux AVC denials coming in Centos7.3
In Centos 6.8 i was not getting these avc denial issue, but when i updated to centos 7 i was getting this issue ,TrevorH wrote:Yes but the point is, 7.3 is no more, you should be using 7.4.
after loading policy also these avc denials are persisting. After loading policy its locally allowing those denials ,but when i do fresh installation again its coming.can you please help me to find the reason behind this.
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: SELinux AVC denials coming in Centos7.3
As Trevor mentioned - updating is highly recommended.
As a dirty workaround:
1.Set SELinux in permissive mode to log as much as possible.
2.Run 'sealert -a /var/log/audit/audit.log |less' to view what's blocked and how to create your policy.
3.Set SELinux in enforcing to test the policy.If needed -repeat again.
As a dirty workaround:
1.Set SELinux in permissive mode to log as much as possible.
2.Run 'sealert -a /var/log/audit/audit.log |less' to view what's blocked and how to create your policy.
3.Set SELinux in enforcing to test the policy.If needed -repeat again.
Re: SELinux AVC denials coming in Centos7.3
ok , thanks for the reply. But its not working for my case.using sepolicy generate and audit2allow i have generated policies and loaded to rpm,but again after fresh installation getting the same denial.hunter86_bg wrote:As Trevor mentioned - updating is highly recommended.
As a dirty workaround:
1.Set SELinux in permissive mode to log as much as possible.
2.Run 'sealert -a /var/log/audit/audit.log |less' to view what's blocked and how to create your policy.
3.Set SELinux in enforcing to test the policy.If needed -repeat again.
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: SELinux AVC denials coming in Centos7.3
Maybe you should provide a sample.
What do you mean - after fresh install ?
What do you mean - after fresh install ?
Re: SELinux AVC denials coming in Centos7.3
I have added all these policies to an rpm and ,created a new iso .When i installed this newly created iso , I'm facing problemhunter86_bg wrote:Maybe you should provide a sample.
What do you mean - after fresh install ?