[CentOS] SELinux is preventing 11-dhclient from add_name access on the directory chrony.servers.wlp8s0.

Ger van Dijck

ger.vandijck at edpnet.be
Mon Dec 2 22:18:25 UTC 2019


SELinux is preventing 11-dhclient from add_name access on the directory
chrony.servers.wlp8s0.

*****  Plugin catchall (100. confidence) suggests
**************************

If you believe that 11-dhclient should be allowed add_name access on the
chrony.servers.wlp8s0 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient
# semodule -X 300 -i my-11dhclient.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:dhcpc_state_t:s0
Target Objects                chrony.servers.wlp8s0 [ dir ]
Source                        11-dhclient
Source Path                   11-dhclient
Port                          <Unknown>
Host                          castor
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.14.4-40.fc31.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     castor
Platform                      Linux castor 5.3.12-300.fc31.x86_64 #1 SMP
Thu Nov
                                   21 22:52:07 UTC 2019 x86_64 x86_64
Alert Count                   2
First Seen                    2019-11-30 18:03:35 CET
Last Seen                     2019-12-01 11:16:46 CET
Local ID                      0370e7fd-a826-4c80-8239-747a7528c5af

Raw Audit Messages
type=AVC msg=audit(1575195406.740:277): avc:  denied  { add_name } for
pid=1466 comm="11-dhclient" name="chrony.servers.wlp8s0"
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=0


Hash: 11-dhclient,NetworkManager_t,dhcpc_state_t,dir,add_name
-- 
Using Opera's mail client: http://www.opera.com/mail/



More information about the CentOS mailing list