[CentOS] weird SELinux denial

Tue Jun 6 17:48:58 UTC 2017
Daniel Walsh <dwalsh at redhat.com>

On 06/06/2017 01:19 PM, Vanhorn, Mike wrote:
> On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote:
>> I am asking if you run it again, does it change.  If the boolean is set
>> the audit2why should say that the AVC is allowed.
> Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says
> type=AVC msg=audit(1496768649.872:1338): avc:  denied  { name_connect } for  pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
> 	Was caused by:
> 		Unknown - would be allowed by active policy
> 		Possible mismatch between this policy and the one under which the audit message was generated.
> 		Possible mismatch between current in-memory boolean settings vs. permanent ones.
> ---
> Mike VanHorn
> Senior Computer Systems Administrator
> College of Engineering and Computer Science
> Wright State University
> 265 Russ Engineering Center
> 937-775-5157
> michael.vanhorn at wright.edu
Ok, that works then.  The way I read your email indicated that setting 
the boolean did not allow the access.  I take it you are not running 
with NIS/Yellow pages and yet you see dbus connecting to port 111?