SELinux preventing ifconfig from reading log files, writing to sockets

Solution Verified - Updated -

Issue

  • Multiple servers are getting the following entries in /var/log/messages

    Jul  1 14:30:23 example.com setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" to /var/log/simpana/Log_Files/cvfwd.log (var_log_t). For complete SELinux messages. run sealert -l 3cb7a52e-673c-483c-992d-240881981b6c
    Jul  1 14:30:25 example.com audisp-remote: queue is full - dropping event
    
  • Our /var/log/audit/audit.log file is filling up (and getting rotated out quickly!) with the same 3 messages like the following:

    node=example.com type=AVC msg=audit(1435778063.029:1605234): avc:  denied  { read } for  pid=31039 comm="ifconfig" path="/var/log/simpana/Log_Files/cvfwd.log" dev=dm-3 ino=2293801 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
    node=example.com type=AVC msg=audit(1435778063.029:1605234): avc:  denied  { read write } for  pid=31039 comm="ifconfig" path="socket:[15738]" dev=sockfs ino=15738 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket
    node=example.com type=AVC msg=audit(1435778063.029:1605234): avc:  denied  { read } for  pid=31039 comm="ifconfig" path="eventpoll:[15739]" dev=eventpollfs ino=15739 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=file
    

Environment

  • Red Hat Enterprise Linux
  • SELinux
  • Any 3rd-party application

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.