SELINUX_ERR occurred at RHEL7.1 in spite of not changing application settings

Solution Verified - Updated -

Issue

  • Why does two processes operate in different domains? Is this a bug or a setting mistake? Please let me know root cause.
  • Being operating in different domains, two processes invoke the following execution file.
  _sdtool process  invokes /opt/SMAW/SMAWsf/bin/rcsd
  hvcm.bin process invokes /opt/SMAW/SMAWRrms/bin/bm

The above execution file's security context is as follows.

   # ls -Z /opt/SMAW/SMAWsf/bin/rcsd
  -rwx------. root root system_u:object_r:unconfined_exec_t:s0 /opt/SMAW/SMAWsf/bin/rcsd
   # ls -Z /opt/SMAW/SMAWRrms/bin/bm
  -rwxr-xr-x. root root system_u:object_r:unconfined_exec_t:s0 /opt/SMAW/SMAWRrms/bin/bm
  • Because the security context's type of bm file is unconfined_exec_t, when the hvcm.bin process operating in initrc_t domain invoked bm, the permission error was recorded in the audit.log.

  • Why has this message been written to the audit.log? What action do we have to do to solve this problem?

  12:28:57, February 20, 2015 type=SELINUX_ERR msg=audit(1424402937.045:250604): security_compute_sid:  invalid context system_u:unconfined_r:initrc_t:s0 for scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unconfined_exec_t:s0 tclass=process

Environment

  • Red Hat Enterprise Linux 7.1 RC2
  • Architecture: x86_64
  • Kernel Version: 3.10.0-229.el7
  • Related Middleware / Application: Fujitsu PRIMECLUSTER

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.