Description of problem:
Getting the following messages in permissive mode. Not sure what the impact would be under enforcing.

audit(1108686194.845:0): avc: denied { net_admin } for pid=2656 exe=/sbin/ypbind capability=12 scontext=user_u:system_r:ypbind_t tcontext=user_u:system_r:ypbind_t tclass=capability
audit(1108686198.020:0): avc: denied { net_admin } for pid=3010 exe=/usr/sbin/rpc.rquotad capability=12 scontext=user_u:system_r:rpcd_t tcontext=user_u:system_r:rpcd_t tclass=capability
audit(1108686198.422:0): avc: denied { net_admin } for pid=3088 exe=/usr/sbin/rpc.mountd capability=12 scontext=user_u:system_r:nfsd_t tcontext=user_u:system_r:nfsd_t tclass=capability
audit(1108686202.044:0): avc: denied { net_admin } for pid=3239 exe=/usr/sbin/httpd capability=12 scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t tclass=capability

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.14-1
Do you see them in enforcing mode? If not they are probably being prevented by some other access denial. Dan
I'm seeing the following in enforcing mode:

type=KERNEL msg=audit(1110325425.073:11245429): avc: denied { net_admin } for pid=6797 exe=/usr/sbin/httpd capability=12 scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=capability
type=KERNEL msg=audit(1110325433.245:11248486): avc: denied { net_admin } for pid=2680 exe=/sbin/ypbind capability=12 scontext=user_u:system_r:ypbind_t tcontext=user_u:system_r:ypbind_t tclass=capability

It hasn't caused any problems that I can see - everything seems to work. Not sure what triggers the messages. This is with selinux-policy-targeted-1.21.15-6 now.
Added dontaudits to selinux-policy-*-1.21.16-3
No longer seeing the net_admin messages in the audit log.
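The messages in this report and the dontaudit fix, as an added example that is not part of the bug thread and not the policy change shipped in selinux-policy-*-1.21.16-3: the script below parses AVC denial lines, checks that the numeric capability= field (12 is CAP_NET_ADMIN in include/uapi/linux/capability.h) agrees with the denied permission name, and collapses the denials into the raw policy-language dontaudit statements that would silence them. The sample log is constructed from the lines quoted in the report (whitespace normalised); the function and variable names are this example's own.

```python
"""Parse SELinux AVC denials and derive the dontaudit rules that would silence them.

Added example for this report; not the selinux-policy source change itself.
"""
import re

# Capability numbers as they appear in the capability= field of an AVC
# message, from include/uapi/linux/capability.h (subset).
CAPABILITY_NAMES = {
    10: "net_bind_service",
    11: "net_broadcast",
    12: "net_admin",
    13: "net_raw",
    21: "sys_admin",
}

# Matches both the bare "audit(...)" form and the "type=KERNEL msg=audit(...)" form.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*?)"
    r"\s+scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Constructed sample: the denials quoted in the report plus one unrelated line.
SAMPLE_LOG = """\
audit(1108686194.845:0): avc: denied { net_admin } for pid=2656 exe=/sbin/ypbind capability=12 scontext=user_u:system_r:ypbind_t tcontext=user_u:system_r:ypbind_t tclass=capability
audit(1108686198.020:0): avc: denied { net_admin } for pid=3010 exe=/usr/sbin/rpc.rquotad capability=12 scontext=user_u:system_r:rpcd_t tcontext=user_u:system_r:rpcd_t tclass=capability
audit(1108686198.422:0): avc: denied { net_admin } for pid=3088 exe=/usr/sbin/rpc.mountd capability=12 scontext=user_u:system_r:nfsd_t tcontext=user_u:system_r:nfsd_t tclass=capability
type=KERNEL msg=audit(1110325425.073:11245429): avc: denied { net_admin } for pid=6797 exe=/usr/sbin/httpd capability=12 scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=capability
Feb 17 12:00:00 host kernel: some unrelated message
"""


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # The "for ..." section is a run of key=value pairs (pid, exe, capability, ...).
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {
        "perms": m.group("perms").split(),
        "exe": fields.get("exe"),
        "pid": int(fields["pid"]) if "pid" in fields else None,
        "capability": int(fields["capability"]) if "capability" in fields else None,
        "scontext": m.group("scontext"),
        "tcontext": m.group("tcontext"),
        "tclass": m.group("tclass"),
    }


def context_type(ctx):
    """Extract the type from a user:role:type[:level] security context."""
    return ctx.split(":")[2]


def capability_matches(rec):
    """For tclass=capability, check that capability=N names the denied permission.

    Returns None for records that are not capability denials.
    """
    if rec["tclass"] != "capability" or rec["capability"] is None:
        return None
    return CAPABILITY_NAMES.get(rec["capability"]) in rec["perms"]


def dontaudit_rules(records):
    """Collapse denials into the dontaudit statements that would stop logging them.

    When source and target types are equal the rule targets "self", which is
    the case for every capability denial (a process checks its own capability).
    """
    rules = set()
    for rec in records:
        src, tgt = context_type(rec["scontext"]), context_type(rec["tcontext"])
        target = "self" if src == tgt else tgt
        for perm in rec["perms"]:
            rules.add(f"dontaudit {src} {target}:{rec['tclass']} {perm};")
    return sorted(rules)


def analyse(log):
    """Parse a log blob and return (records, dontaudit rules)."""
    records = [r for r in (parse_avc(line) for line in log.splitlines()) if r]
    return records, dontaudit_rules(records)


if __name__ == "__main__":
    recs, rules = analyse(SAMPLE_LOG)
    for r in recs:
        print(r["exe"], r["scontext"], r["perms"], "cap-name-ok:", capability_matches(r))
    print("\n".join(rules))
```

On a real system the same transformation is what `audit2allow -D` (--dontaudit) performs on audit.log input; the point of doing it by hand here is to see that each message maps to exactly one `dontaudit <type> self:capability net_admin;` line, which is why silencing them in the policy, as done in 1.21.16-3, does not grant the daemons anything new. A dontaudit only suppresses the log entry; the access stays denied.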