He should at least do a 'ls -lZ' on the file and report to the list.
Also a 'grep denied /var/log/audit/audit.log'.
Bill
On 12/15/2017 9:56 AM, cac...@quantum-sci.com wrote:
/run is cleared on every boot so a restorecon wouldn't last. If a reboot doesn't fix it, it's likely a problem in a script of
the repo.
OP doesn't say how he's pulling these messages, but I can't find them in
CentOS7.
On 12/15/2017 03:12 AM, Bill Shirley wrote:
Perhaps /run/lock/subsys/shorewall has become mis-labeled? (Fedora 25):
drwxr-xr-x. 45 root root system_u:object_r:var_run_t:s0 1280 Dec 13 09:53 /run
drwxr-xr-x. 6 root root system_u:object_r:var_lock_t:s0 120 Dec 7 01:10
/run/lock
drwxr-xr-x. 2 root root system_u:object_r:var_lock_t:s0 120 Dec 7 17:01
/run/lock/subsys
-rw-------. 1 root root unconfined_u:object_r:var_lock_t:s0 0 Dec 7 17:00
/run/lock/subsys/shorewall
Have you tried running restorecon on the file?
Bill
On 12/15/2017 5:18 AM, Dario Lesca wrote:
How to resolve this issue?
dic 14 15:09:12 s-virt.to.loc setroubleshoot[29931]: failed to retrieve
rpm info for /run/lock/subsys/shorewall
dic 14 15:09:12 s-virt.to.loc setroubleshoot[29931]: SELinux is preventing /usr/bin/rm from getattr access on the file
/run/lock/subsys/shorewall. For complete SELinux messages run: sealert -l 0c3dda49-0ea8-49ab-9dbd-6a7c3d40e4a1
dic 14 15:09:12 s-virt.to.loc python[29931]: SELinux is preventing /usr/bin/rm from getattr access on the file
/run/lock/subsys/shorewall.
...
dic 14 15:09:12 s-virt.to.loc setroubleshoot[29931]: SELinux is preventing /usr/bin/touch from write access on the file
shorewall. For complete SELinux messages run: sealert -l e1a41afa-da77-4c29-ae1e-782146cb825a
dic 14 15:09:12 s-virt.to.loc python[29931]: SELinux is preventing
/usr/bin/touch from write access on the file shorewall.
although apparently everything works well
Many thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 27 Workstation)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
