[CentOS] weird SELinux denial

Tue Jun 6 17:19:40 UTC 2017
Vanhorn, Mike <michael.vanhorn at wright.edu>

On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote:

>I am asking if you run it again, does it change.  If the boolean is set 
>the audit2why should say that the AVC is allowed.

Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says 

type=AVC msg=audit(1496768649.872:1338): avc:  denied  { name_connect } for  pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket

	Was caused by:
		Unknown - would be allowed by active policy
		Possible mismatch between this policy and the one under which the audit message was generated.

		Possible mismatch between current in-memory boolean settings vs. permanent ones.


---
Mike VanHorn
Senior Computer Systems Administrator
College of Engineering and Computer Science
Wright State University
265 Russ Engineering Center
937-775-5157
michael.vanhorn at wright.edu