[CentOS] [C8 stream] unix_chkpwd wants access to /proc

Mon Jun 14 14:14:07 UTC 2021
Chris Adams <linux at cmadams.net>

Once upon a time, Łukasz Posadowski <mail at lukaszposadowski.pl> said:
> From 11.06 journal is logging a lot of denied access to /proc for
> unix_chkpwd by selinux. They are so frequent, that I see them in
> htop. :) Right now I have 2122 logged denials.
> Is it OK for unix_chkpwd to poke in /proc? It has to know who is
> logged in, so probably yes, but I'm not sure.

I haven't dug into it, but I'm thinking there was some policy or library
change that isn't quite right... sssd_be also has the same denial on
startup (so every boot).

