SELinux is preventing mcelog from write access on the sock_file socket on a newly installed RHEL 6.5 system
Issue
When we install a new system, we get the following SELinux alert emailed to us:
SELinux is preventing mcelog from write access on the sock_file socket.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that mcelog should be allowed write access on the socket sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep mcelog /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:mcelog_t:s0
Target Context system_u:object_r:nscd_var_run_t:s0
Target Objects socket [ sock_file ]
Source mcelog
Source Path mcelog
Port <Unknown>
Host lbnss02
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.7.19-231.el6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name lbnss02
Platform Linux lbnss02 2.6.32-431.1.2.el6.x86_64 #1 SMP Sun
Nov 24 09:37:37 EST 2013 x86_64 x86_64
Alert Count 1
First Seen Fri Jan 10 09:20:22 2014
Last Seen Fri Jan 10 09:20:22 2014
Local ID e3de460c-af9b-4857-8f1a-76f90492c93f
Raw Audit Messages
type=AVC msg=audit(1389342022.884:5283): avc: denied { write } for pid=8337 comm="mcelog" name="socket" dev=dm-2 ino=655543 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1389342022.884:5283): avc: denied { connectto } for pid=8337 comm="mcelog" path="/var/run/nscd/socket" scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=unix_stream_socket
Hash: mcelog,mcelog_t,nscd_var_run_t,sock_file,write
audit2allow
#============= mcelog_t ==============
allow mcelog_t nscd_t:unix_stream_socket connectto;
allow mcelog_t nscd_var_run_t:sock_file write;
audit2allow -R
#============= mcelog_t ==============
allow mcelog_t nscd_t:unix_stream_socket connectto;
allow mcelog_t nscd_var_run_t:sock_file write;
How can this be prevented at install time?
Environment
- Red Hat Enterprise Linux 6.5
- selinux-policy-targeted-3.7.19-231.el6
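
The two raw audit messages in the alert above map directly onto the two rules in the audit2allow output. The following Python code is an added example, not part of the original article and not the audit2allow implementation; it parses AVC denial records and derives the same allow rules, so each rule can be reviewed against the record that produced it before any local policy module is loaded. The function names (ctx_type, parse_avc, allow_rules) are hypothetical.

```python
import re
from collections import defaultdict

# The two AVC records from the alert above, copied verbatim.
SAMPLE = '''type=AVC msg=audit(1389342022.884:5283): avc: denied { write } for pid=8337 comm="mcelog" name="socket" dev=dm-2 ino=655543 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1389342022.884:5283): avc: denied { connectto } for pid=8337 comm="mcelog" path="/var/run/nscd/socket" scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=unix_stream_socket
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def ctx_type(context):
    """A context is user:role:type:level; return the type or None."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated record: not enough to build a rule
    fields['perms'] = m.group(1).split()
    fields['stype'] = ctx_type(fields['scontext'])
    fields['ttype'] = ctx_type(fields['tcontext'])
    if fields['stype'] is None or fields['ttype'] is None:
        return None  # malformed security context
    return fields

def allow_rules(text):
    """Group denials by (source type, target type, class); emit allow rules."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec['stype'], rec['ttype'], rec['tclass'])
            grouped[key].update(rec['perms'])
    rules = []
    for (stype, ttype, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {stype} {ttype}:{tclass} {body};')
    return rules

if __name__ == '__main__':
    print('\n'.join(allow_rules(SAMPLE)))
```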