Gentoo Forums
Selinux: AVC denials on boot
soleera
n00b


Joined: 14 Jun 2017
Posts: 1

Posted: Wed Jun 14, 2017 12:33 am    Post subject: Selinux: AVC denials on boot

Just looking for some help with resolving AVC denials at boot time. I've relabeled my system with rlpkg -ar and have activated booleans as suggested by audit2allow, so now I'm just left with this:
Code:
Missing type enforcement (TE) allow rule.

It seems like a lot of the denials are related to objects in the run directory having a tmpfs_t label, though I'm not sure if that's of any consequence. Any help would be much appreciated!

Code:

type=AVC msg=audit(1497399116.986:45): avc:  denied  { write } for  pid=5641 comm="dbus-daemon" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399116.986:45): avc:  denied  { add_name } for  pid=5641 comm="dbus-daemon" name="dbus.pid" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399116.986:45): avc:  denied  { create } for  pid=5641 comm="dbus-daemon" name="dbus.pid" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399116.986:45): avc:  denied  { write open } for  pid=5641 comm="dbus-daemon" path="/run/dbus.pid" dev="tmpfs" ino=17837 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399116.986:46): avc:  denied  { getattr } for  pid=5641 comm="dbus-daemon" path="/run/dbus.pid" dev="tmpfs" ino=17837 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.027:47): avc:  denied  { write } for  pid=5700 comm="metalog" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.027:47): avc:  denied  { add_name } for  pid=5700 comm="metalog" name="metalog.pid" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.027:47): avc:  denied  { create } for  pid=5700 comm="metalog" name="metalog.pid" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.027:47): avc:  denied  { write open } for  pid=5700 comm="metalog" path="/run/metalog.pid" dev="tmpfs" ino=3856 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.027:48): avc:  denied  { setattr } for  pid=5700 comm="metalog" name="metalog.pid" dev="tmpfs" ino=3856 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.027:49): avc:  denied  { getattr } for  pid=5700 comm="metalog" path="/run/metalog.pid" dev="tmpfs" ino=3856 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.079:50): avc:  denied  { create } for  pid=5772 comm="crond" name="crond.pid" scontext=system_u:system_r:crond_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.079:50): avc:  denied  { read write open } for  pid=5772 comm="crond" path="/run/crond.pid" dev="tmpfs" ino=15220 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.079:51): avc:  denied  { lock } for  pid=5772 comm="crond" path="/run/crond.pid" dev="tmpfs" ino=15220 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.079:52): avc:  denied  { setattr } for  pid=5772 comm="crond" name="crond.pid" dev="tmpfs" ino=15220 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.104:53): avc:  denied  { write } for  pid=5804 comm="avahi-daemon" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.104:53): avc:  denied  { add_name } for  pid=5804 comm="avahi-daemon" name="avahi-daemon" scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.104:53): avc:  denied  { create } for  pid=5804 comm="avahi-daemon" name="avahi-daemon" scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.104:54): avc:  denied  { setattr } for  pid=5804 comm="avahi-daemon" name="avahi-daemon" dev="tmpfs" ino=22344 scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.104:55): avc:  denied  { getattr } for  pid=5804 comm="avahi-daemon" path="/run/avahi-daemon" dev="tmpfs" ino=22344 scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.104:56): avc:  denied  { create } for  pid=5804 comm="avahi-daemon" name="pid" scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.104:56): avc:  denied  { read write open } for  pid=5804 comm="avahi-daemon" path="/run/avahi-daemon/pid" dev="tmpfs" ino=22346 scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.104:57): avc:  denied  { lock } for  pid=5804 comm="avahi-daemon" path="/run/avahi-daemon/pid" dev="tmpfs" ino=22346 scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.104:58): avc:  denied  { create } for  pid=5804 comm="avahi-daemon" name="socket" scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file permissive=1
type=AVC msg=audit(1497399117.225:59): avc:  denied  { getattr } for  pid=5865 comm="NetworkManager" path="/run" dev="tmpfs" ino=14615 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.225:60): avc:  denied  { write } for  pid=5865 comm="NetworkManager" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.225:60): avc:  denied  { add_name } for  pid=5865 comm="NetworkManager" name="NetworkManager" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.225:60): avc:  denied  { create } for  pid=5865 comm="NetworkManager" name="NetworkManager" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.226:61): avc:  denied  { create } for  pid=5866 comm="NetworkManager" name="NetworkManager.pid" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.226:61): avc:  denied  { write open } for  pid=5866 comm="NetworkManager" path="/run/NetworkManager/NetworkManager.pid" dev="tmpfs" ino=16674 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.230:62): avc:  denied  { read } for  pid=5866 comm="NetworkManager" name="+pci:0000:24:00.0" dev="tmpfs" ino=19716 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.230:63): avc:  denied  { getattr } for  pid=5866 comm="NetworkManager" path="/run/udev/data/+pci:0000:24:00.0" dev="tmpfs" ino=19716 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.231:64): avc:  denied  { write } for  pid=5866 comm="NetworkManager" name="/" dev="sysfs" ino=1 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399117.654:65): avc:  denied  { create } for  pid=5730 comm="console-kit-dae" name="inhibit.BNR61Y.pipe" scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.654:66): avc:  denied  { read } for  pid=5730 comm="console-kit-dae" name="inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.654:66): avc:  denied  { open } for  pid=5730 comm="console-kit-dae" path="/run/ConsoleKit/inhibit/inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.654:67): avc:  denied  { getattr } for  pid=5730 comm="console-kit-dae" path="/run/ConsoleKit/inhibit/inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.654:68): avc:  denied  { write } for  pid=5730 comm="console-kit-dae" name="inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.655:69): avc:  denied  { use } for  pid=5642 comm="dbus-daemon" path="/run/ConsoleKit/inhibit/inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:system_r:consolekit_t tclass=fd permissive=1
type=AVC msg=audit(1497399117.655:69): avc:  denied  { write } for  pid=5642 comm="dbus-daemon" path="/run/ConsoleKit/inhibit/inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.655:70): avc:  denied  { use } for  pid=5866 comm="gdbus" path="/run/ConsoleKit/inhibit/inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:system_r:consolekit_t tclass=fd permissive=1
type=AVC msg=audit(1497399117.655:70): avc:  denied  { write } for  pid=5866 comm="gdbus" path="/run/ConsoleKit/inhibit/inhibit.BNR61Y.pipe" dev="tmpfs" ino=2553 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:consolekit_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399117.656:71): avc:  denied  { execute } for  pid=5881 comm="dbus-daemon-lau" name="ModemManager" dev="nvme0n1p4" ino=13402016 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:bin_t tclass=file permissive=1
type=AVC msg=audit(1497399117.656:71): avc:  denied  { read open } for  pid=5881 comm="dbus-daemon-lau" path="/usr/sbin/ModemManager" dev="nvme0n1p4" ino=13402016 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:bin_t tclass=file permissive=1
type=AVC msg=audit(1497399117.656:71): avc:  denied  { execute_no_trans } for  pid=5881 comm="dbus-daemon-lau" path="/usr/sbin/ModemManager" dev="nvme0n1p4" ino=13402016 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:bin_t tclass=file permissive=1
type=AVC msg=audit(1497399117.667:72): avc:  denied  { create } for  pid=5881 comm="ModemManager" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:system_r:system_dbusd_t tclass=netlink_kobject_uevent_socket permissive=1
type=AVC msg=audit(1497399117.667:73): avc:  denied  { setopt } for  pid=5881 comm="ModemManager" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:system_r:system_dbusd_t tclass=netlink_kobject_uevent_socket permissive=1
type=AVC msg=audit(1497399117.668:74): avc:  denied  { bind } for  pid=5881 comm="ModemManager" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:system_r:system_dbusd_t tclass=netlink_kobject_uevent_socket permissive=1
type=AVC msg=audit(1497399117.668:75): avc:  denied  { getattr } for  pid=5881 comm="ModemManager" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:system_r:system_dbusd_t tclass=netlink_kobject_uevent_socket permissive=1
type=AVC msg=audit(1497399117.681:76): avc:  denied  { read } for  pid=5881 comm="ModemManager" name="c4:64" dev="tmpfs" ino=12720 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.283:77): avc:  denied  { write } for  pid=5945 comm="gpm" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:gpm_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399118.283:77): avc:  denied  { add_name } for  pid=5945 comm="gpm" name="gpm.pid" scontext=system_u:system_r:gpm_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399118.283:77): avc:  denied  { create } for  pid=5945 comm="gpm" name="gpm.pid" scontext=system_u:system_r:gpm_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.283:77): avc:  denied  { write open } for  pid=5945 comm="gpm" path="/run/gpm.pid" dev="tmpfs" ino=3920 scontext=system_u:system_r:gpm_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.283:78): avc:  denied  { getattr } for  pid=5945 comm="gpm" path="/run/gpm.pid" dev="tmpfs" ino=3920 scontext=system_u:system_r:gpm_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.393:79): avc:  denied  { sys_tty_config } for  pid=6083 comm="checkpath" capability=26  scontext=system_u:system_r:tmpfiles_t tcontext=system_u:system_r:tmpfiles_t tclass=capability permissive=1
type=AVC msg=audit(1497399118.426:80): avc:  denied  { read } for  pid=6115 comm="ssh-keygen" name="locale-archive" dev="nvme0n1p4" ino=12948728 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:locale_t tclass=file permissive=1
type=AVC msg=audit(1497399118.426:80): avc:  denied  { open } for  pid=6115 comm="ssh-keygen" path="/usr/lib64/locale/locale-archive" dev="nvme0n1p4" ino=12948728 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:locale_t tclass=file permissive=1
type=AVC msg=audit(1497399118.426:81): avc:  denied  { getattr } for  pid=6115 comm="ssh-keygen" path="/usr/lib64/locale/locale-archive" dev="nvme0n1p4" ino=12948728 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:locale_t tclass=file permissive=1
type=AVC msg=audit(1497399118.480:82): avc:  denied  { create } for  pid=6155 comm="sed" name="sedfml39V" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=file permissive=1
type=AVC msg=audit(1497399118.504:83): avc:  denied  { write } for  pid=6163 comm="umount" path="/.splash" dev="tmpfs" ino=21116 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:initrc_state_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399118.505:84): avc:  denied  { getattr } for  pid=6163 comm="umount" path="/etc/mtab" dev="nvme0n1p4" ino=38423117 scontext=system_u:system_r:mount_t tcontext=system_u:system_r:initrc_t tclass=file permissive=1
type=AVC msg=audit(1497399118.505:85): avc:  denied  { read write } for  pid=6163 comm="umount" name="mtab" dev="nvme0n1p4" ino=38423117 scontext=system_u:system_r:mount_t tcontext=system_u:system_r:initrc_t tclass=file permissive=1
type=AVC msg=audit(1497399118.505:85): avc:  denied  { open } for  pid=6163 comm="umount" path="/etc/mtab" dev="nvme0n1p4" ino=38423117 scontext=system_u:system_r:mount_t tcontext=system_u:system_r:initrc_t tclass=file permissive=1
type=AVC msg=audit(1497399118.505:86): avc:  denied  { getattr } for  pid=6163 comm="umount" path="/dev/nvme0n1p4" dev="devtmpfs" ino=13347 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
type=AVC msg=audit(1497399118.507:88): avc:  denied  { open } for  pid=6169 comm="agetty" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.507:89): avc:  denied  { open } for  pid=6165 comm="agetty" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.507:90): avc:  denied  { open } for  pid=6167 comm="agetty" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.507:87): avc:  denied  { open } for  pid=6168 comm="agetty" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.507:91): avc:  denied  { lock } for  pid=6164 comm="agetty" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.507:92): avc:  denied  { lock } for  pid=6166 comm="agetty" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.507:93): avc:  denied  { write } for  pid=6165 comm="agetty" name="utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399118.509:94): avc:  denied  { add_name } for  pid=6169 comm="agetty" name="agetty.reload" scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399118.509:94): avc:  denied  { create } for  pid=6169 comm="agetty" name="agetty.reload" scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399119.515:95): avc:  denied  { write } for  pid=5642 comm="dbus-daemon" path="/run/systemd/sessions/c1.ref" dev="tmpfs" ino=15265 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:init_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399120.053:96): avc:  denied  { write } for  pid=6226 comm="udisksd" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:devicekit_disk_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399120.053:96): avc:  denied  { create } for  pid=6226 comm="udisksd" name="udisks2" scontext=system_u:system_r:devicekit_disk_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399120.054:97): avc:  denied  { read } for  pid=6226 comm="udisksd" name="b7:0" dev="tmpfs" ino=15607 scontext=system_u:system_r:devicekit_disk_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399120.058:98): avc:  denied  { getattr } for  pid=6226 comm="udisksd" path="/dev/nvme0n1p4" dev="devtmpfs" ino=13347 scontext=system_u:system_r:devicekit_disk_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
type=AVC msg=audit(1497399120.072:99): avc:  denied  { open } for  pid=6233 comm="upowerd" path="/run/udev/data/c189:0" dev="tmpfs" ino=12692 scontext=system_u:system_r:devicekit_power_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399120.072:100): avc:  denied  { getattr } for  pid=6233 comm="upowerd" path="/run/udev/data/c189:0" dev="tmpfs" ino=12692 scontext=system_u:system_r:devicekit_power_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399120.299:101): avc:  denied  { write } for  pid=5866 comm="NetworkManager" name="NetworkManager" dev="tmpfs" ino=3908 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399120.299:101): avc:  denied  { add_name } for  pid=5866 comm="NetworkManager" name="private-dhcp" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399120.308:102): avc:  denied  { write } for  pid=6269 comm="nm-dhcp-helper" name="private-dhcp" dev="tmpfs" ino=22393 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file permissive=1
type=AVC msg=audit(1497399120.317:103): avc:  denied  { add_name } for  pid=6268 comm="dhclient" name="dhclient-enp35s0.pid" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399120.317:103): avc:  denied  { create } for  pid=6268 comm="dhclient" name="dhclient-enp35s0.pid" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399120.317:103): avc:  denied  { write open } for  pid=6268 comm="dhclient" path="/run/dhclient-enp35s0.pid" dev="tmpfs" ino=2624 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399120.317:104): avc:  denied  { getattr } for  pid=6268 comm="dhclient" path="/run/dhclient-enp35s0.pid" dev="tmpfs" ino=2624 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399122.747:105): avc:  denied  { create } for  pid=5866 comm="NetworkManager" name="resolv.conf.tmp" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399122.747:105): avc:  denied  { write open } for  pid=5866 comm="NetworkManager" path="/run/NetworkManager/resolv.conf.tmp" dev="tmpfs" ino=2637 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399122.747:106): avc:  denied  { getattr } for  pid=5866 comm="NetworkManager" path="/run/NetworkManager/resolv.conf.tmp" dev="tmpfs" ino=2637 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399122.747:107): avc:  denied  { rename } for  pid=5866 comm="NetworkManager" name="resolv.conf.tmp" dev="tmpfs" ino=2637 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399122.747:108): avc:  denied  { create } for  pid=5866 comm="NetworkManager" name=".resolv.conf.NetworkManager" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
type=AVC msg=audit(1497399122.748:109): avc:  denied  { rename } for  pid=5866 comm="NetworkManager" name=".resolv.conf.NetworkManager" dev="nvme0n1p4" ino=38423125 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
type=AVC msg=audit(1497399122.748:109): avc:  denied  { unlink } for  pid=5866 comm="NetworkManager" name="resolv.conf" dev="nvme0n1p4" ino=38423098 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
type=AVC msg=audit(1497399123.132:110): avc:  denied  { read } for  pid=6164 comm="login" name="utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399123.132:111): avc:  denied  { lock } for  pid=6164 comm="login" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399123.378:112): avc:  denied  { getattr } for  pid=6051 comm="ntpd" path="/run/NetworkManager/resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399123.378:113): avc:  denied  { read } for  pid=6051 comm="ntpd" name="resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399123.378:113): avc:  denied  { open } for  pid=6051 comm="ntpd" path="/run/NetworkManager/resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.836:114): avc:  denied  { read } for  pid=6324 comm="dhclient" name="resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.836:114): avc:  denied  { open } for  pid=6324 comm="dhclient" path="/run/NetworkManager/resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.836:115): avc:  denied  { getattr } for  pid=6324 comm="dhclient" path="/run/NetworkManager/resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.855:116): avc:  denied  { add_name } for  pid=6324 comm="dhclient" name="dhclient-wlp36s0.pid" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399124.855:116): avc:  denied  { create } for  pid=6324 comm="dhclient" name="dhclient-wlp36s0.pid" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.855:116): avc:  denied  { write } for  pid=6324 comm="dhclient" path="/run/dhclient-wlp36s0.pid" dev="tmpfs" ino=19951 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.865:117): avc:  denied  { create } for  pid=5866 comm="NetworkManager" name="resolv.conf.tmp" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.865:117): avc:  denied  { write open } for  pid=5866 comm="NetworkManager" path="/run/NetworkManager/resolv.conf.tmp" dev="tmpfs" ino=19952 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.865:118): avc:  denied  { getattr } for  pid=5866 comm="NetworkManager" path="/run/NetworkManager/resolv.conf.tmp" dev="tmpfs" ino=19952 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.865:119): avc:  denied  { rename } for  pid=5866 comm="NetworkManager" name="resolv.conf.tmp" dev="tmpfs" ino=19952 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.865:119): avc:  denied  { unlink } for  pid=5866 comm="NetworkManager" name="resolv.conf" dev="tmpfs" ino=2637 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.970:121): avc:  denied  { read } for  pid=6447 comm="dhcpd" name="resolv.conf" dev="tmpfs" ino=19952 scontext=system_u:system_r:dhcpd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.970:121): avc:  denied  { open } for  pid=6447 comm="dhcpd" path="/run/NetworkManager/resolv.conf" dev="tmpfs" ino=19952 scontext=system_u:system_r:dhcpd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399124.970:122): avc:  denied  { getattr } for  pid=6447 comm="dhcpd" path="/run/NetworkManager/resolv.conf" dev="tmpfs" ino=19952 scontext=system_u:system_r:dhcpd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399125.335:124): avc:  denied  { read } for  pid=6164 comm="login" name="utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399125.335:125): avc:  denied  { lock } for  pid=6164 comm="login" path="/run/utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399125.341:126): avc:  denied  { write } for  pid=6498 comm="mkdir" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399125.341:126): avc:  denied  { create } for  pid=6498 comm="mkdir" name="console" scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399125.342:127): avc:  denied  { create } for  pid=6494 comm="pam-foreground-" name="sora" scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399125.342:127): avc:  denied  { append open } for  pid=6494 comm="pam-foreground-" path="/run/console/sora" dev="tmpfs" ino=2660 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399125.342:128): avc:  denied  { getattr } for  pid=6494 comm="pam-foreground-" path="/run/console/sora" dev="tmpfs" ino=2660 scontext=system_u:system_r:consolekit_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399125.346:129): avc:  denied  { net_admin } for  pid=6164 comm="login" capability=12  scontext=system_u:system_r:local_login_t tcontext=system_u:system_r:local_login_t tclass=capability permissive=1
type=AVC msg=audit(1497399125.348:130): avc:  denied  { write } for  pid=5642 comm="dbus-daemon" path="/run/systemd/sessions/2.ref" dev="tmpfs" ino=3997 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:init_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399125.348:131): avc:  denied  { use } for  pid=6164 comm="login" path="/run/systemd/sessions/2.ref" dev="tmpfs" ino=3997 scontext=system_u:system_r:local_login_t tcontext=system_u:system_r:initrc_t tclass=fd permissive=1
type=AVC msg=audit(1497399125.348:131): avc:  denied  { write } for  pid=6164 comm="login" path="/run/systemd/sessions/2.ref" dev="tmpfs" ino=3997 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:init_var_run_t tclass=fifo_file permissive=1
type=AVC msg=audit(1497399125.349:132): avc:  denied  { write } for  pid=6500 comm="login" name="utmp" dev="tmpfs" ino=15550 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399127.178:133): avc:  denied  { write } for  pid=5866 comm="NetworkManager" name="NetworkManager" dev="tmpfs" ino=3908 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399127.178:133): avc:  denied  { add_name } for  pid=5866 comm="NetworkManager" name="resolv.conf.tmp" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399127.178:134): avc:  denied  { create } for  pid=5866 comm="NetworkManager" name=".resolv.conf.NetworkManager" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
type=AVC msg=audit(1497399127.178:135): avc:  denied  { rename } for  pid=5866 comm="NetworkManager" name=".resolv.conf.NetworkManager" dev="nvme0n1p4" ino=38423136 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
type=AVC msg=audit(1497399127.178:135): avc:  denied  { unlink } for  pid=5866 comm="NetworkManager" name="resolv.conf" dev="nvme0n1p4" ino=38423128 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
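To check how much of a log like the one above comes down to a single target type, the denials can be grouped by source domain, target type and object class. This is an added example, not part of the original post: the function names are made up here, and the sample input is six lines copied from the posted log.

```python
import re
from collections import Counter, defaultdict

# Six lines copied verbatim from the log in the post above (not the full log).
SAMPLE_LOG = """\
type=AVC msg=audit(1497399116.986:45): avc:  denied  { write } for  pid=5641 comm="dbus-daemon" name="/" dev="tmpfs" ino=14615 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1497399116.986:45): avc:  denied  { write open } for  pid=5641 comm="dbus-daemon" path="/run/dbus.pid" dev="tmpfs" ino=17837 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1497399117.104:58): avc:  denied  { create } for  pid=5804 comm="avahi-daemon" name="socket" scontext=system_u:system_r:avahi_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file permissive=1
type=AVC msg=audit(1497399117.656:71): avc:  denied  { execute } for  pid=5881 comm="dbus-daemon-lau" name="ModemManager" dev="nvme0n1p4" ino=13402016 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:bin_t tclass=file permissive=1
type=AVC msg=audit(1497399118.393:79): avc:  denied  { sys_tty_config } for  pid=6083 comm="checkpath" capability=26  scontext=system_u:system_r:tmpfiles_t tcontext=system_u:system_r:tmpfiles_t tclass=capability permissive=1
type=AVC msg=audit(1497399122.747:108): avc:  denied  { create } for  pid=5866 comm="NetworkManager" name=".resolv.conf.NetworkManager" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=lnk_file permissive=1
"""

# Header up to the permission set, then the free-form key=value tail.
AVC_RE = re.compile(
    r'type=AVC msg=audit\(([\d.]+):(\d+)\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)'
)
# Values are either double-quoted (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type[:mls-range]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one AVC denial line; return None for anything else."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(4))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "serial": int(m.group(2)),
        "perms": set(m.group(3).split()),   # "{ write open }" holds two permissions
        "comm": fields.get("comm"),
        # path= is absent on create/add_name and capability denials
        "object": fields.get("path") or fields.get("name"),
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "permissive": fields.get("permissive") == "1",
    }


def parse_log(text):
    """Parse every AVC denial in a block of log text, skipping other lines."""
    return [r for r in map(parse_avc, text.splitlines()) if r is not None]


def group_denials(records):
    """Merge permissions per (source type, target type, class)."""
    groups = defaultdict(set)
    for r in records:
        groups[(r["source"], r["target"], r["tclass"])] |= r["perms"]
    return dict(groups)


def target_type_counts(records):
    """Count denials per target type, to show which label dominates."""
    return Counter(r["target"] for r in records)


def domains_hitting(records, target_type):
    """Source domains that were denied access to objects of target_type."""
    return sorted({r["source"] for r in records if r["target"] == target_type})


def format_summary(groups):
    """One readable line per group, sorted by target type and then source."""
    return [
        f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}"
        for (src, tgt, cls), perms in sorted(groups.items(), key=lambda kv: (kv[0][1], kv[0]))
    ]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for target, count in target_type_counts(recs).most_common():
        print(f"{count:3d}  {target}")
    print("\n".join(format_summary(group_denials(recs))))
```

Run over the full log, the per-target counts show whether the denials cluster on the generic `tmpfs_t` type or are spread across unrelated types.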
Ant P.
Watchman


Joined: 18 Apr 2009
Posts: 5588

Posted: Wed Jun 14, 2017 1:15 am

The current sec-policy/* packages should already be aware of /run/ and set things up correctly, so I doubt it's the root cause. Is this a new install?