[CentOS] CentOS 7 selinux policy bug

Fri May 29 16:43:39 UTC 2015
Daniel J Walsh <dwalsh at redhat.com>


On 05/29/2015 09:20 AM, m.roth at 5-cent.us wrote:
> Hi, folks,
>
>    CentOS 7.1. Selinux policy, and targeted, updated two days ago.
>
> May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash
> from execute access on the file /usr/bin/bash.#012#012***** <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash
> from execute access on the file /usr/bin/uname.#012#012*****  <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/uname
> from execute_no_trans access on the file /usr/bin/uname.#012#012*****
> <...>
> May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash
> from execute access on the file /usr/bin/mailx.#012#012*****  <...>
>
> I did do an ll -Z /usr/bin, and everything looks correct
> (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug.
> No? Yes? File a bug report?
>
>         mark
What is the avc that you are seeing?

ausearch -m avc -ts recent