Since July 6, I've been seeing a lot of AVC's though I've not changed anything
in my policies. Any ideas why?
The majority seem to be device_t:sock_file write which implies to me that it's
a macro that's missing in the base policies.
[root@mail mail]# ausearch -m avc | audit2allow
#============= antivirus_t ==============
allow antivirus_t device_t:sock_file write;
#============= apcupsd_t ==============
allow apcupsd_t device_t:sock_file write;
#============= auditd_t ==============
allow auditd_t device_t:sock_file write;
#============= avahi_t ==============
allow avahi_t device_t:sock_file write;
#============= chkpwd_t ==============
allow chkpwd_t self:capability dac_override;
#============= chronyd_t ==============
allow chronyd_t device_t:sock_file write;
#============= cyrus_t ==============
allow cyrus_t device_t:sock_file write;
#============= ftpd_t ==============
#!!!! This avc is allowed in the current policy
allow ftpd_t device_t:sock_file write;
#============= gpm_t ==============
allow gpm_t device_t:sock_file write;
#============= init_t ==============
allow init_t event_device_t:chr_file open;
allow init_t net_conf_t:file create;
#!!!! This avc is allowed in the current policy
allow init_t system_dbusd_var_run_t:sock_file read;
#!!!! This avc is allowed in the current policy
#!!!! This av rule may have been overridden by an extended permission av rule
allow init_t user_home_t:file { ioctl open };
allow init_t xdm_home_t:dir remove_name;
#============= iptables_t ==============
allow iptables_t plymouthd_t:unix_stream_socket connectto;
#============= local_login_t ==============
allow local_login_t device_t:sock_file write;
#============= ntpd_t ==============
allow ntpd_t device_t:sock_file write;
#============= restorecond_t ==============
allow restorecond_t device_t:sock_file write;
#============= saslauthd_t ==============
allow saslauthd_t device_t:sock_file write;
#============= sendmail_t ==============
allow sendmail_t device_t:sock_file write;
#============= setroubleshootd_t ==============
allow setroubleshootd_t dma_device_t:dir getattr;
#============= spamd_t ==============
allow spamd_t device_t:sock_file { getattr write };
#============= sshd_t ==============
allow sshd_t device_t:sock_file write;
#============= syslogd_t ==============
allow syslogd_t device_t:sock_file write;
#============= systemd_logind_t ==============
#!!!! This avc is allowed in the current policy
allow systemd_logind_t session_dbusd_tmp_t:sock_file unlink;
#============= unconfined_t ==============
allow unconfined_t dma_device_t:dir search;
[root@mail mail]#
And this may or may not be related, but I'm also getting a lot of ssh dropped
connections:
ssh_dispatch_run_fatal: Connection to 192.168.4.3 port 22: message
authentication code incorrect
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
