On 06/06/2017 01:19 PM, Vanhorn, Mike wrote:
On 6/6/17, 12:38 PM, "Daniel Walsh" dwalsh@redhat.com wrote:
I am asking if you run it again, does it change. If the boolean is set the audit2why should say that the AVC is allowed.
Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says
type=AVC msg=audit(1496768649.872:1338): avc: denied { name_connect } for pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
Was caused by: Unknown - would be allowed by active policy Possible mismatch between this policy and the one under which the audit message was generated.
Possible mismatch between current in-memory boolean settings vs. permanent ones.
Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ Engineering Center 937-775-5157 michael.vanhorn@wright.edu
Ok, that works then. The way I read your email indicated that setting the boolean did not allow the access. I take it you are not running with NIS/Yellow pages and yet you see dbus connecting to port 111?