SELinux preventing ifconfig from reading log files, writing to sockets
Issue
-
Multiple servers are getting the following entries in /var/log/messages
Jul 1 14:30:23 example.com setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" to /var/log/simpana/Log_Files/cvfwd.log (var_log_t). For complete SELinux messages. run sealert -l 3cb7a52e-673c-483c-992d-240881981b6c Jul 1 14:30:25 example.com audisp-remote: queue is full - dropping event -
Our /var/log/audit/audit.log file is filling up (and getting rotated out quickly!) with the same 3 messages like the following:
node=example.com type=AVC msg=audit(1435778063.029:1605234): avc: denied { read } for pid=31039 comm="ifconfig" path="/var/log/simpana/Log_Files/cvfwd.log" dev=dm-3 ino=2293801 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file node=example.com type=AVC msg=audit(1435778063.029:1605234): avc: denied { read write } for pid=31039 comm="ifconfig" path="socket:[15738]" dev=sockfs ino=15738 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket node=example.com type=AVC msg=audit(1435778063.029:1605234): avc: denied { read } for pid=31039 comm="ifconfig" path="eventpoll:[15739]" dev=eventpollfs ino=15739 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=file
Environment
- Red Hat Enterprise Linux
- SELinux
- Any 3rd-party application
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
