Leaked file descriptors causing AVC denial messages
Issue
-
Should ifconfig be allowed to access /dev/mem? After configuring a standard system for permissive mode, this message appears regularly:
Feb 17 07:54:48 example.com setroubleshoot: SELinux is preventing /sbin/ifconfig from read access on the chr_file /dev/mem. For complete SELinux messages. run sealert -l 0bac8e0a-961c-4b82-a166-999ba9cbc517
-
What can I do to prevent messages like the following and what do they mean?
Mar 16 08:00:52 example.com setroubleshoot: SELinux is preventing /usr/bin/python access to a leaked /tmp/puppet20120316-6771-1gndgri-0 file descriptor. For complete SELinux messages. run sealert -l a9b3853c-463c-4ca0-9ef9-c2a5db8ad9cb
Environment
- Red Hat Enterprise Linux
- SELinux
- Any 3rd-party application
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.