This post was last edited by skysky1752 on 2013-10-02 02:07
SELinux suggests "restorecon -v './resolv.conf'".
The path should be this one, right: /etc/resolv.conf.
But after running restorecon -v '/etc/resolv.conf' with this path, the file looks like this:
lrwxrwxrwx root root root : object_r:etc_t /etc/resolv.conf
This is different from both the Source Context and the Target Context! Can someone explain?
The full text is as follows:
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./resolv.conf,
restorecon -v './resolv.conf'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:avahi_t
Target Context system_u:object_r:pppd_etc_rw_t
Target Objects ./resolv.conf [ file ]
Source avahi-daemon
Source Path /usr/sbin/avahi-daemon
Port <Unknown>
Host ***
Source RPM Packages avahi-0.6.16-10.el5_6
Target RPM Packages
Policy RPM selinux-policy-2.4.6-327.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Alert Count 2
First Seen Tue Oct 1 23:43:36 2013
Last Seen Wed Oct 2 00:13:13 2013
Local ID 5f264a71-ef51-4287-992a-999deac7a486
Line Numbers
Raw Audit Messages
host=*** type=AVC msg=audit(1380643993.965:9): avc: denied { read } for pid=3092 comm="avahi-daemon" name="resolv.conf" dev=hda3 ino=686372 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
host=*** type=SYSCALL msg=audit(1380643993.965:9): arch=40000003 syscall=5 success=no exit=-13 a0=805a4dc a1=0 a2=1 a3=1 items=0 ppid=3091 pid=3092 auid=4294967295 uid=70 gid=70 euid=70 suid=70 fsuid=70 egid=70 sgid=70 fsgid=70 tty=(none) ses=4294967295 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" subj=system_u:system_r:avahi_t:s0 key=(null)
The log is as follows:
Oct 1 23:43:23 www setroubleshoot: SELinux is preventing cupsd (cupsd_t) "read" to ./resolv.conf (pppd_etc_rw_t). For complete SELinux messages. run sealert -l 4fffdda7-a189-4f03-ac01-84138cdb9f3e
Oct 1 23:43:23 www setroubleshoot: SELinux is preventing cupsd (cupsd_t) "getattr" to /etc/ppp/resolv.conf (pppd_etc_rw_t). For complete SELinux messages. run sealert -l 2e2ddce2-7780-42b4-8c2e-56d834dcc0f2
Oct 1 23:43:36 www setroubleshoot: SELinux is preventing avahi-daemon (avahi_t) "read" to ./resolv.conf (pppd_etc_rw_t). For complete SELinux messages. run sealert -l 5f264a71-ef51-4287-992a-999deac7a486
Oct 1 23:43:36 www setroubleshoot: SELinux is preventing avahi-daemon (avahi_t) "getattr" to /etc/ppp/resolv.conf (pppd_etc_rw_t). For complete SELinux messages. run sealert -l 79e9a365-a897-4879-a8b7-711647efdbc5
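
As an added example (not part of the original post), the Python code below parses the raw AVC record and the setroubleshoot lines quoted above and groups the denials by source type and target type; the function names are made up for illustration. Every denial names the target type pppd_etc_rw_t and the getattr lines give the path /etc/ppp/resolv.conf, while the ls line in the post begins with l (a symbolic link) and shows etc_t.

```python
import re
from collections import defaultdict

# Records copied from the post above (syslog lines trimmed to the message part).
AVC = ('host=*** type=AVC msg=audit(1380643993.965:9): avc: denied { read } for '
       'pid=3092 comm="avahi-daemon" name="resolv.conf" dev=hda3 ino=686372 '
       'scontext=system_u:system_r:avahi_t:s0 '
       'tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file')
SYSLOG = [
    'SELinux is preventing cupsd (cupsd_t) "read" to ./resolv.conf (pppd_etc_rw_t).',
    'SELinux is preventing cupsd (cupsd_t) "getattr" to /etc/ppp/resolv.conf (pppd_etc_rw_t).',
    'SELinux is preventing avahi-daemon (avahi_t) "read" to ./resolv.conf (pppd_etc_rw_t).',
    'SELinux is preventing avahi-daemon (avahi_t) "getattr" to /etc/ppp/resolv.conf (pppd_etc_rw_t).',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
ALERT_RE = re.compile(r'SELinux is preventing (\S+) \((\w+)\) "(\w+)" to (\S+) \((\w+)\)')


def parse_avc(line):
    """Split one AVC denial into its fields; returns None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group(1).split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)):
        rec[key] = val.strip('"')
    # A context is user:role:type[:level]; the type is what policy rules match on.
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')
        if len(parts) >= 3:
            rec[side + '_type'] = parts[2]
    return rec


def group_alerts(lines):
    """Group setroubleshoot messages by (source type, target type)."""
    groups = defaultdict(lambda: {'perms': set(), 'paths': set()})
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            _comm, stype, perm, path, ttype = m.groups()
            groups[(stype, ttype)]['perms'].add(perm)
            groups[(stype, ttype)]['paths'].add(path)
    return dict(groups)


if __name__ == '__main__':
    print(parse_avc(AVC))
    for key, val in group_alerts(SYSLOG).items():
        print(key, sorted(val['perms']), sorted(val['paths']))
```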