AlmaLinux 9

SELinux : Check the Logs  2023/02/20

 
SELinux access decisions are cached, and when access is denied a message is logged. The SELinux decision cache is called the AVC (Access Vector Cache), so denials are also referred to as AVC denials.
AVC denial logs are emitted via Systemd Journald or the Audit service (auditd).
When the Rsyslog service is running (it is enabled by default), they are also recorded in [/var/log/messages].
At least one of these services therefore needs to be running for denials to be recorded.
[1] When Systemd Journald or the Rsyslog service is enabled, the human-readable analysis produced by setroubleshootd (from the setroubleshoot-server package, which also provides the [sealert] command) is written to the journal and to [/var/log/messages]. The journalctl output below is cut at the terminal width by the pager (the trailing [>]); run it with [--no-pager] or scroll right in the pager to see full lines. In [/var/log/messages] the multi-line analysis appears as one long record because rsyslog escapes embedded newlines as [#012] (octal for LF).
[root@dlp ~]# journalctl -t setroubleshoot

Mar 10 21:57:34 dlp.srv.world setroubleshoot[1840]: AnalyzeThread.run(): Cancel>
Mar 10 21:57:34 dlp.srv.world setroubleshoot[1840]: failed to retrieve rpm info>
Mar 10 21:57:35 dlp.srv.world setroubleshoot[1840]: SELinux is preventing /usr/>
Mar 10 21:57:35 dlp.srv.world setroubleshoot[1840]: SELinux is preventing /usr/>
.....
.....

[root@dlp ~]# grep "setroubleshoot" /var/log/messages

Mar 10 21:57:35 dlp setroubleshoot[1840]: SELinux is preventing /usr/sbin/smbd from watch access on the directory /home/share. For complete SELinux messages run: sealert -l 08f68245-f415-4f55-a5d5-7a9a27beba12
Mar 10 21:57:35 dlp setroubleshoot[1840]: SELinux is preventing /usr/sbin/smbd from watch access on the directory /home/share.#012#012*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************#012#012If you want to allow samba to export all rw#012Then you must tell SELinux about this by enabling the 'samba_export_all_rw' boolean.#012#012Do#012setsebool -P samba_export_all_rw 1#012#012*****  Plugin catchall (11.6 confidence) suggests   **************************#012#012If you believe that smbd should be allowed watch access on the share directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'smbd-notifyd' --raw | audit2allow -M my-smbdnotifyd#012# semodule -X 300 -i my-smbdnotifyd.pp#012
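The second record above is the full setroubleshoot analysis with its newlines escaped as [#012] by rsyslog. The following script is an added example, not code from the original page or from the setroubleshoot project: it unescapes such a line, extracts the ID to pass to [sealert -l], and ranks the plugin suggestions by confidence with the commands each one proposes. Its only input is the two [/var/log/messages] lines shown above, embedded as a constructed sample so it runs offline; everything else is the Python standard library.

```python
"""Parse setroubleshoot analyses as rsyslog writes them to /var/log/messages."""
import re

# Constructed sample: the two /var/log/messages lines shown above, copied verbatim.
SAMPLE_LINES = [
    "Mar 10 21:57:35 dlp setroubleshoot[1840]: SELinux is preventing /usr/sbin/smbd "
    "from watch access on the directory /home/share. For complete SELinux messages "
    "run: sealert -l 08f68245-f415-4f55-a5d5-7a9a27beba12",
    "Mar 10 21:57:35 dlp setroubleshoot[1840]: SELinux is preventing /usr/sbin/smbd "
    "from watch access on the directory /home/share.#012#012*****  Plugin "
    "catchall_boolean (89.3 confidence) suggests   ******************#012#012If you "
    "want to allow samba to export all rw#012Then you must tell SELinux about this by "
    "enabling the 'samba_export_all_rw' boolean.#012#012Do#012setsebool -P "
    "samba_export_all_rw 1#012#012*****  Plugin catchall (11.6 confidence) suggests   "
    "**************************#012#012If you believe that smbd should be allowed "
    "watch access on the share directory by default.#012Then you should report this "
    "as a bug.#012You can generate a local policy module to allow this access.#012Do"
    "#012allow this access for now by executing:#012# ausearch -c 'smbd-notifyd' "
    "--raw | audit2allow -M my-smbdnotifyd#012# semodule -X 300 -i my-smbdnotifyd.pp"
    "#012",
]

# rsyslog escapes control characters as '#' followed by three octal digits (#012 = LF).
_OCTAL_ESCAPE = re.compile(r"#([0-7]{3})")
_PLUGIN_BANNER = re.compile(r"\*+\s+Plugin (\S+) \(([\d.]+) confidence\) suggests\s+\*+")
_SEALERT = re.compile(r"sealert -l (\S+)")


def unescape_rsyslog(text):
    """Turn #ooo octal escapes back into the control characters setroubleshoot emitted."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)


def sealert_id(line):
    """Return the UUID to pass to 'sealert -l', or None if the line carries none."""
    m = _SEALERT.search(line)
    return m.group(1) if m else None


def parse_setroubleshoot(line):
    """Split a setroubleshoot syslog line into its one-line summary and its plugin
    suggestions (plugin name, confidence, proposed commands), best confidence first."""
    message = line.split("setroubleshoot[", 1)[1].split("]: ", 1)[1]  # drop syslog prefix
    text = unescape_rsyslog(message)
    summary = text.split("\n", 1)[0]
    # re.split with two capture groups yields [preamble, name, confidence, body, ...]
    parts = _PLUGIN_BANNER.split(text)
    suggestions = []
    for i in range(1, len(parts), 3):
        name, confidence, body = parts[i], float(parts[i + 1]), parts[i + 2]
        lines = [l.strip() for l in body.split("\n") if l.strip()]
        commands = []
        if "Do" in lines:  # everything after the 'Do' line is what setroubleshoot proposes
            commands = [l.lstrip("# ") for l in lines[lines.index("Do") + 1:]
                        if not l.endswith(":")]
        suggestions.append({"plugin": name, "confidence": confidence, "commands": commands})
    suggestions.sort(key=lambda s: s["confidence"], reverse=True)
    return {"summary": summary, "sealert_id": sealert_id(line), "suggestions": suggestions}


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        parsed = parse_setroubleshoot(line)
        print(parsed["summary"], "| sealert id:", parsed["sealert_id"])
        for s in parsed["suggestions"]:
            print(f'  {s["confidence"]:5.1f}  {s["plugin"]}: {"; ".join(s["commands"])}')
```

Treat the confidence ranking as a triage hint, not a verdict: the catchall suggestion builds a local module that allows exactly the denied access, whereas a boolean such as samba_export_all_rw grants smbd read/write access to files well beyond the one share that triggered the denial.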
[2] When the Audit service (auditd) is enabled, the raw kernel AVC records are written to [/var/log/audit/audit.log]. In each record, [permissive=0] means the denial was enforced; [permissive=1] means the access was in fact allowed because the domain or the whole system was in permissive mode, so such a line is a warning rather than an actual block.
[root@dlp ~]# grep "avc: .denied" /var/log/audit/audit.log

type=AVC msg=audit(1644986614.918:178): avc:  denied  { mac_admin } for  pid=1933 comm="restorecon" capability=33  scontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
type=AVC msg=audit(1646971053.926:140): avc:  denied  { watch } for  pid=1794 comm="smbd-notifyd" path="/home/share" dev="dm-0" ino=61100 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1646971053.927:141): avc:  denied  { watch } for  pid=1794 comm="smbd-notifyd" path="/home/share" dev="dm-0" ino=61100 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
[3] For logs recorded via auditd, the [ausearch] command prints complete events (the AVC record together with the SYSCALL and PROCTITLE records that share its event serial) in an easier-to-read form with timestamps. Adding [-i] (interpret) additionally translates numeric fields such as syscall numbers and the hex-encoded proctitle into readable values.
[root@dlp ~]# ausearch -m AVC

----
time->Thu Mar 10 21:57:33 2022
type=PROCTITLE msg=audit(1646971053.926:140): proctitle=2F7573722F7362696E2F736D6264002D2D666F726567726F756E64002D2D6E6F2D70726F636573732D67726F7570
type=SYSCALL msg=audit(1646971053.926:140): arch=c000003e syscall=254 success=no exit=-13 a0=f a1=7ffcf269679c a2=210003c0 a3=7ffcf2695fd0 items=0 ppid=1792 pid=1794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smbd-notifyd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1646971053.926:140): avc:  denied  { watch } for  pid=1794 comm="smbd-notifyd" path="/home/share" dev="dm-0" ino=61100 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
----
time->Thu Mar 10 21:57:33 2022
type=PROCTITLE msg=audit(1646971053.927:141): proctitle=2F7573722F7362696E2F736D6264002D2D666F726567726F756E64002D2D6E6F2D70726F636573732D67726F7570
type=SYSCALL msg=audit(1646971053.927:141): arch=c000003e syscall=254 success=no exit=-13 a0=f a1=7ffcf269679c a2=210003c6 a3=7ffcf2696740 items=0 ppid=1792 pid=1794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smbd-notifyd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1646971053.927:141): avc:  denied  { watch } for  pid=1794 comm="smbd-notifyd" path="/home/share" dev="dm-0" ino=61100 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
[4] For logs recorded via auditd, the [aureport] command prints a summary, one line per AVC record. The last column is the event serial, which can be passed to [ausearch -a] to display that full event.
[root@dlp ~]# aureport --avc


AVC Report
===============================================================
# date time comm subj syscall class permission obj result event
===============================================================
1. 02/15/2022 22:43:19 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 166
2. 02/15/2022 22:43:19 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 167
3. 02/15/2022 22:43:19 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 168
4. 02/15/2022 22:43:34 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 175
5. 02/15/2022 22:43:34 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 176
6. 02/15/2022 22:43:34 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 177
7. 02/15/2022 22:43:34 restorecon unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 189 capability2 mac_admin unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 denied 178
8. 03/10/2022 21:57:33 smbd-notifyd system_u:system_r:smbd_t:s0 254 dir watch unconfined_u:object_r:user_home_dir_t:s0 denied 140
9. 03/10/2022 21:57:33 smbd-notifyd system_u:system_r:smbd_t:s0 254 dir watch unconfined_u:object_r:user_home_dir_t:s0 denied 141
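Steps [2] to [4] show three views of the same audit records. The script below is an added example, not code from the original page or from the audit project: it parses raw audit.log records, groups AVC, SYSCALL and PROCTITLE lines by event serial the way ausearch does, decodes the hex-encoded proctitle, flags whether each denial was enforced, and collapses denials into (source type, target type, class, permission) tuples with counts, the shape aureport summarizes and audit2allow turns into rules. Its input is the audit.log records shown above, embedded as a constructed sample so it runs offline; timestamps are rendered in UTC, and nothing beyond the Python standard library is used.

```python
"""Parse raw SELinux AVC events from /var/log/audit/audit.log."""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the audit.log records shown on this page (the restorecon AVC
# line from the grep in step [2] and the two full events from ausearch in step [3]).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1644986614.918:178): avc:  denied  { mac_admin } for  pid=1933 comm="restorecon" capability=33  scontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
type=PROCTITLE msg=audit(1646971053.926:140): proctitle=2F7573722F7362696E2F736D6264002D2D666F726567726F756E64002D2D6E6F2D70726F636573732D67726F7570
type=SYSCALL msg=audit(1646971053.926:140): arch=c000003e syscall=254 success=no exit=-13 a0=f a1=7ffcf269679c a2=210003c0 a3=7ffcf2695fd0 items=0 ppid=1792 pid=1794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smbd-notifyd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1646971053.926:140): avc:  denied  { watch } for  pid=1794 comm="smbd-notifyd" path="/home/share" dev="dm-0" ino=61100 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=PROCTITLE msg=audit(1646971053.927:141): proctitle=2F7573722F7362696E2F736D6264002D2D666F726567726F756E64002D2D6E6F2D70726F636573732D67726F7570
type=SYSCALL msg=audit(1646971053.927:141): arch=c000003e syscall=254 success=no exit=-13 a0=f a1=7ffcf269679c a2=210003c6 a3=7ffcf2696740 items=0 ppid=1792 pid=1794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smbd-notifyd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1646971053.927:141): avc:  denied  { watch } for  pid=1794 comm="smbd-notifyd" path="/home/share" dev="dm-0" ino=61100 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
"""

_HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
_AVC = re.compile(r"avc:\s+(granted|denied)\s+\{ ([^}]*) \}")
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into type, timestamp, event serial and key=value fields."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    rec = {"type": rtype, "time": float(ts), "serial": int(serial)}
    avc = _AVC.search(body)
    if avc:
        rec["result"] = avc.group(1)
        rec["permissions"] = avc.group(2).split()
    pairs = _KV.findall(body)
    rec.update((k, v.strip('"')) for k, v in pairs)
    rec["quoted"] = {k for k, v in pairs if v.startswith('"')}  # remember printable strings
    return rec


def decode_proctitle(value, quoted=False):
    """PROCTITLE is argv joined by NUL; audit hex-encodes it unless it is a single
    printable string, which it logs in double quotes instead."""
    if quoted:
        return [value]
    return bytes.fromhex(value).decode("utf-8", "replace").split("\x00")


def group_events(text):
    """Group records by event serial; AVC, SYSCALL and PROCTITLE lines share one serial."""
    events = {}
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events.setdefault(rec["serial"], []).append(rec)
    return events


def context_type(ctx):
    """user:role:type:level -> type, the component policy rules are written against."""
    return ctx.split(":")[2]


def summarize(text):
    """One aureport-style row per AVC record, enriched from the SYSCALL/PROCTITLE
    records of the same event where they exist; ordered by time, then serial."""
    rows = []
    events = sorted(group_events(text).items(), key=lambda kv: (kv[1][0]["time"], kv[0]))
    for serial, recs in events:
        by_type = {r["type"]: r for r in recs}
        sc, pt = by_type.get("SYSCALL", {}), by_type.get("PROCTITLE")
        for avc in (r for r in recs if r["type"] == "AVC"):
            rows.append({
                "serial": serial,
                "time": datetime.fromtimestamp(avc["time"], tz=timezone.utc)
                                .strftime("%Y-%m-%dT%H:%M:%SZ"),
                "result": avc["result"],
                "comm": avc.get("comm", "?"),
                "exe": sc.get("exe"),
                "syscall": sc.get("syscall"),
                "argv": decode_proctitle(pt["proctitle"], "proctitle" in pt["quoted"]) if pt else None,
                "source": context_type(avc["scontext"]),
                "target": context_type(avc["tcontext"]),
                "tclass": avc["tclass"],
                "permissions": avc["permissions"],
                "target_name": avc.get("path") or avc.get("name") or avc.get("capability"),
                "enforced": avc.get("permissive") == "0",  # permissive=1 means it was allowed
            })
    return rows


def denial_counts(text):
    """Collapse denials into (source type, target type, class, permission) with counts,
    the same shape as the allow rules audit2allow would generate."""
    counts = Counter()
    for row in summarize(text):
        if row["result"] != "denied":
            continue
        for perm in row["permissions"]:
            counts[(row["source"], row["target"], row["tclass"], perm)] += 1
    return counts


if __name__ == "__main__":
    for row in summarize(SAMPLE_AUDIT_LOG):
        print(f'{row["time"]} {row["serial"]:>5} {row["result"]:<7} {row["comm"]:<14} '
              f'{row["source"]} -> {row["target"]} {row["tclass"]}:{",".join(row["permissions"])} '
              f'{row["target_name"]} enforced={row["enforced"]} argv={row["argv"]}')
    for key, n in denial_counts(SAMPLE_AUDIT_LOG).most_common():
        print(n, *key)
```

The collapsed tuples are what to review before accepting any generated policy: two denials of [watch] on [user_home_dir_t] from [smbd_t] are a labelling question (the share lives under a home directory) rather than a reason to grant smbd broad rights, and the [enforced] flag separates real blocks from permissive-mode noise.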