Skip to content

Instantly share code, notes, and snippets.

@ohadlevy
Created November 21, 2019 18:11
Show Gist options
  • Save ohadlevy/19a62673bc17b2fd10c1761e8fe24df0 to your computer and use it in GitHub Desktop.
Save ohadlevy/19a62673bc17b2fd10c1761e8fe24df0 to your computer and use it in GitHub Desktop.
SELinux is preventing 11-dhclient from add_name access on the directory ntp.conf.predhclient.wlp58s0.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that 11-dhclient should be allowed add_name access on the ntp.conf.predhclient.wlp58s0 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient
# semodule -X 300 -i my-11dhclient.pp
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:dhcpc_state_t:s0
Target Objects ntp.conf.predhclient.wlp58s0 [ dir ]
Source 11-dhclient
Source Path 11-dhclient
Port <Unknown>
Host ohad
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.14.4-40.fc31.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name ohad
Platform Linux ohad 5.3.11-300.fc31.x86_64 #1 SMP Tue Nov
12 19:08:07 UTC 2019 x86_64 x86_64
Alert Count 20
First Seen 2019-11-19 20:30:32 IST
Last Seen 2019-11-21 19:39:43 IST
Local ID 2efa3eb0-96f1-41fa-b734-e369bd45bc9f
Raw Audit Messages
type=AVC msg=audit(1574357983.779:764): avc: denied { add_name } for pid=30302 comm="touch" name="ntp.conf.predhclient.wlp58s0" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=0
Hash: 11-dhclient,NetworkManager_t,dhcpc_state_t,dir,add_name
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment