SELINUX_ERR occurred at RHEL7.1 in spite of not changing application settings
Issue
- Why does two processes operate in different domains? Is this a bug or a setting mistake? Please let me know root cause.
- Being operating in different domains, two processes invoke the following execution file.
_sdtool process invokes /opt/SMAW/SMAWsf/bin/rcsd
hvcm.bin process invokes /opt/SMAW/SMAWRrms/bin/bm
The above execution file's security context is as follows.
# ls -Z /opt/SMAW/SMAWsf/bin/rcsd
-rwx------. root root system_u:object_r:unconfined_exec_t:s0 /opt/SMAW/SMAWsf/bin/rcsd
# ls -Z /opt/SMAW/SMAWRrms/bin/bm
-rwxr-xr-x. root root system_u:object_r:unconfined_exec_t:s0 /opt/SMAW/SMAWRrms/bin/bm
-
Because the security context's type of bm file is unconfined_exec_t, when the hvcm.bin process operating in initrc_t domain invoked bm, the permission error was recorded in the audit.log.
-
Why has this message been written to the audit.log? What action do we have to do to solve this problem?
12:28:57, February 20, 2015 type=SELINUX_ERR msg=audit(1424402937.045:250604): security_compute_sid: invalid context system_u:unconfined_r:initrc_t:s0 for scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unconfined_exec_t:s0 tclass=process
Environment
- Red Hat Enterprise Linux 7.1 RC2
- Architecture: x86_64
- Kernel Version: 3.10.0-229.el7
- Related Middleware / Application: Fujitsu PRIMECLUSTER
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
