Red Hat Bugzilla – Bug 450117
Kernel failed to return fully qualified path for AVC denial
Last modified: 2014-06-18 04:46:26 EDT
I got an AVC denial due to a mislabeled file, and the denial said NetworkManager
had attempted to run "./nscd" whereas it would be expected that a full path
would be provided.
The setroubleshoot report is attached
Created attachment 308441 [details]
AVC denial with unclear path
we normally print the path, which leads me to believe that nm isn't passing
anything other than ./
Should we perhaps print cwd if the path begins with ./ ? Hmm.
I'm pretty sure the "./" is just some crap that setroubleshoot added for no
apparent reason. Its not in the audit records. SELinux will only print the
full paths if it is available for free. If you want full paths you need to load
an audit syscall. I suggest in /etc/audit/audit.rules:
auditctl -a exit,always -S kill -F pid=1
I think this should be moved to and setroubleshoot bug so it will stop saying ./
but the fact you don't get a full path is NOTABUG
So we came to the conclusion in the Chat room that you need to take the
performance hit if you want to always get the data.