On Wed, 2022-03-16 at 14:47 +0100, Lukas Slebodnik wrote: > > Could you share ful reposort fom audit ? > e.g. ausearch -m AVC
There are lots. One such example, and the first one of a series:
type=PROCTITLE msg=audit(1647710324.067:172072):
proctitle=7368002D63002F686F6D652F6D6F74696F6E2F6D6F7669655F656E642032002026
type=SYSCALL msg=audit(1647710324.067:172072): arch=c000003e syscall=257
success=no exit=-13 a0=ffffff9c a1=5573bf195680 a2=80000 a3=0 items=0
ppid=967054 pid=3299344 auid=4294967295 uid=982 gid=39 euid=982 suid=982
fsuid=982 egid=39 sgid=39 fsgid=39 tty=(none) ses=4294967295 comm="sh"
exe="/usr/bin/bash" subj=system_u:system_r:motion_t:s0 key=(null)
type=AVC msg=audit(1647710324.067:172072): avc: denied { search } for
pid=3299344 comm="sh" name="sss" dev="dm-8" ino=210
scontext=system_u:system_r:motion_t:s0
tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
> Could you share SELinux context of affected files and directories?
>
> e.g.
> ls -lZ /var/lib/sss/ /var/lib/sss/*/
That's a lot of files, particularly in /var/lib/sss/db/. The relevant
files I think are:
drwxr-xr-x. 10 root root system_u:object_r:sssd_var_lib_t:s0 4096 Feb 2 05:24
/var/lib/sss/
drwx------. 2 sssd sssd system_u:object_r:sssd_var_lib_t:s0 36864 Mar 19 13:17
/var/lib/sss/db
dm-8 inode 210:
# ls -lid /var/lib/sss
210 drwxr-xr-x. 10 root root 4096 Feb 2 05:24 /var/lib/sss
Cheers,
b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
