Leaked file descriptors causing AVC denial messages

Solution Verified - Updated -

Issue

  • Should ifconfig be allowed to access /dev/mem? After configuring a standard system for permissive mode, this message appears regularly:

    Feb 17 07:54:48 example.com setroubleshoot: SELinux is preventing /sbin/ifconfig from read access on the chr_file /dev/mem. For complete SELinux messages. run sealert -l 0bac8e0a-961c-4b82-a166-999ba9cbc517

  • What can I do to prevent messages like the following and what do they mean?

    Mar 16 08:00:52 example.com setroubleshoot: SELinux is preventing /usr/bin/python access to a leaked /tmp/puppet20120316-6771-1gndgri-0 file descriptor. For complete SELinux messages. run sealert -l a9b3853c-463c-4ca0-9ef9-c2a5db8ad9cb

Environment

  • Red Hat Enterprise Linux
  • SELinux
  • Any 3rd-party application

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content