Re: [CentOS] weird SELinux denial

2017-06-06 Thread Vanhorn, Mike
On 6/6/17, 1:48 PM, "Daniel Walsh" wrote: >Ok, that works then. The way I read your email indicated that setting >the boolean did not allow the access. I take it you are not running >with NIS/Yellow pages and yet you see dbus connecting to port 111? Well, previously, I

Re: [CentOS] weird SELinux denial

2017-06-06 Thread Daniel Walsh
On 06/06/2017 01:19 PM, Vanhorn, Mike wrote: On 6/6/17, 12:38 PM, "Daniel Walsh" wrote: I am asking if you run it again, does it change. If the boolean is set the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it always tells me the

Re: [CentOS] weird SELinux denial

2017-06-06 Thread Vanhorn, Mike
On 6/6/17, 12:38 PM, "Daniel Walsh" wrote: >I am asking if you run it again, does it change. If the boolean is set >the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered

Re: [CentOS] weird SELinux denial

2017-06-06 Thread Daniel Walsh
On 06/06/2017 09:41 AM, Vanhorn, Mike wrote: It says what it is my original post; that’s the output from audit2allow –w (which is audit2why): Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow

Re: [CentOS] weird SELinux denial

2017-06-06 Thread Vanhorn, Mike
It says what it is my original post; that’s the output from audit2allow –w (which is audit2why): Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow access by executing: # setsebool -P

Re: [CentOS] weird SELinux denial

2017-06-06 Thread Daniel Walsh
On 06/06/2017 09:17 AM, Vanhorn, Mike wrote: I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023

[CentOS] weird SELinux denial

2017-06-06 Thread Vanhorn, Mike
I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: