From: Miroslav Grepl <mgrepl@redhat.com>
On 04/23/2013 04:37 PM, m.roth@5-cent.us wrote:
m.roth@5-cent.us wrote:
This is very frustrating. My manager rebooted this morning, so now I'm not sure about which avc I wrote about yesterday. However, I see various things:
<snip>
3. This one makes *zero* sense to me: SELinux is preventing /lib64/security/pam_krb5/pam_krb5_storetmp from execute access on the file /lib64/security/pam_krb5/pam_krb5_storetmp.
ll -Z
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /lib64/security/pam_krb5/pam_krb5_storetmp*
<snip>
And the last one would need corecmd_exec_bin() for a source type from the AVC msg, which we don't have.
Not sure how to use that, but I'm at work for a few more minutes, and it's telling me, from sealert,
SELinux is preventing /lib64/security/pam_krb5/pam_krb5_storetmp from execute access on the file /lib64/security/pam_krb5/pam_krb5_storetmp.
And one of the raw avcs is:
type=AVC msg=audit(1367010914.610:143690): avc: denied { execute_no_trans } for pid=1310 comm="auth" path="/lib64/security/pam_krb5/pam_krb5_storetmp" dev=sda3 ino=15343658 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Thanks.
mark
On 04/26/2013 11:28 PM, m.roth@5-cent.us wrote:
type=AVC msg=audit(1367010914.610:143690): avc: denied { execute_no_trans } for pid=1310 comm="auth" path="/lib64/security/pam_krb5/pam_krb5_storetmp" dev=sda3 ino=15343658 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Yes, I was looking for this AVC msg.
scontext=system_u:system_r:dovecot_auth_t:s0
So you can fix it for now using
# grep dovecot_auth_t /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
selinux@lists.fedoraproject.org
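Added example, not part of the original thread and not audit2allow's own code: a small Python parser that turns raw AVC denials into the allow rules a local module would need, so the rules can be reviewed before a module is loaded. The first sample record is the AVC quoted in the thread; the second record, the SYSCALL line and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First line: the AVC from the thread. The other two lines are constructed samples.
SAMPLE_LOG = """\
type=AVC msg=audit(1367010914.610:143690): avc: denied { execute_no_trans } for pid=1310 comm="auth" path="/lib64/security/pam_krb5/pam_krb5_storetmp" dev=sda3 ino=15343658 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1367010915.000:143691): avc: denied { read } for pid=1310 comm="auth" name="constructed" dev=sda3 ino=1 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=SYSCALL msg=audit(1367010915.000:143691): arch=c000003e syscall=59 success=no comm="auth"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denials_to_rules(log_text, source_type=None):
    """Group denied permissions by (source type, target type, class) and
    return them as type-enforcement allow rules, optionally for one source type."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match is None:
            continue  # not an AVC denial (e.g. the SYSCALL record)
        src = context_type(match["scon"])
        tgt = context_type(match["tcon"])
        if source_type is not None and src != source_type:
            continue  # only denials where this domain is the source
        grouped[(src, tgt, match["tclass"])].update(match["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        ordered = sorted(perms)
        perm_text = ordered[0] if len(ordered) == 1 else "{ " + " ".join(ordered) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG, source_type="dovecot_auth_t"):
        print(rule)
```

A plain grep for dovecot_auth_t matches every audit line containing that string, so the resulting module covers all of those denials together; listing the rules first shows exactly what would be allowed.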