Bug 593510
Summary: | SELinux is preventing /usr/sbin/openct-control "dac_override" access . | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | jhvillegas2 |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | dwalsh, felipe.cidade, jhvillegas2, la2k_dot_com, mark.lacdao, mgrepl, ssabcew, villegas.john |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:cbe80c063a0d3d8be2557c54a7adcb263ed9b029046daf0d8dad583dcf00d232 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-19 11:28:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
jhvillegas2
2010-05-19 01:48:13 UTC
Could you turn on full auditing to see if we can figure out whether this domain actually needs this access or there is a file with the wrong permissions on your system. dac_override means that a root process is trying to access a file/dir which root does not over permission to look at based on the permissions. auditctl -w /etc/shadow -p w Attempt to get the AVC to happen. ausearch -m avc -ts recent Should gather the AVC data including the path. |