Hi,

I am getting the following AVCs on _one_ of the atomic hosts. This is on
a slightly newer installation (a few weeks ago) than the other hosts,
I don't know of any other difference between them.

The logs are from a with enforcing=0 because it's a remote machine and
I can't log in without ssh.

    type=AVC msg=audit(1442045142.791:158569): avc:  denied  { read } for pid=3358 comm="nslookup" name="resolv.conf" dev="dm-1" ino=95751 scontext=system_u:system_r:svirt_lxc_net_t:s0:c411,c700 tcontext=system_u:object_r:svirt_sandbox_file_t:s0:c722,c900 tclass=file permissive=1
    type=AVC msg=audit(1442045142.791:158570): avc:  denied  { ioctl } for pid=3358 comm="nslookup" path="/etc/resolv.conf" dev="dm-1" ino=95751 scontext=system_u:system_r:svirt_lxc_net_t:s0:c411,c700 tcontext=system_u:object_r:svirt_sandbox_file_t:s0:c722,c900 tclass=file permissive=1
    [many more of these with different pids]

    type=AVC msg=audit(1442048674.527:162109): avc:  denied  { lock } for  pid=20655 comm="etcd" path="/var/etcd/data/member/wal/0000000000000011-0000000000029822.wal" dev="dm-1" ino=109294 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c609 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1

    type=AVC msg=audit(1442213538.406:164): avc:  denied { dyntransition } for  pid=1808 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:sshd_net_t:s0 tclass=process permissive=0
    type=AVC msg=audit(1442213539.950:183): avc:  denied { dyntransition } for  pid=1814 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
    type=AVC msg=audit(1442213540.053:187): avc:  denied  { transition } for  pid=1815 comm="sshd" path="/usr/bin/bash" dev="dm-1" ino=18761953 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
    [many more of the last]

    type=AVC msg=audit(1442214925.923:172): avc:  denied  { sigchld } for  pid=1 comm="systemd" scontext=system_u:system_r:sshd_net_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

Thanks in advance,
 Tobias Florek
