On 06/06/2017 01:19 PM, Vanhorn, Mike wrote: > On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: > >> I am asking if you run it again, does it change. If the boolean is set >> the audit2why should say that the AVC is allowed. > Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says > > type=AVC msg=audit(1496768649.872:1338): avc: denied { name_connect } for pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket > > Was caused by: > Unknown - would be allowed by active policy > Possible mismatch between this policy and the one under which the audit message was generated. > > Possible mismatch between current in-memory boolean settings vs. permanent ones. > > > --- > Mike VanHorn > Senior Computer Systems Administrator > College of Engineering and Computer Science > Wright State University > 265 Russ Engineering Center > 937-775-5157 > michael.vanhorn at wright.edu > > Ok, that works then. The way I read your email indicated that setting the boolean did not allow the access. I take it you are not running with NIS/Yellow pages and yet you see dbus connecting to port 111?