| 1 |
I have been enforcingon my SELinux box for a while without incident, |
| 2 |
until yesterday. Ddclient started spamming me with emails about SSL |
| 3 |
connect failures. I checked the audit log for AVCs and found the one |
| 4 |
below. The context for /etc/ssl/certs/ca-certificates is cert_t and it |
| 5 |
looks like the interface needed to access this type is |
| 6 |
"miscfiles_manage_generic_cert_files". I can test if this is the right |
| 7 |
approach? May take a while cos I am not sure how to force ddclient into |
| 8 |
attempting an update. |
| 9 |
|
| 10 |
Thanks, |
| 11 |
Robert |
| 12 |
|
| 13 |
|type=AVC msg=audit(1497448811.326:13013): avc: denied { search } for |
| 14 |
pid=3311 comm=6464636C69656E74202D20636F6E6E name="ca-certificates" |
| 15 |
dev="dm-0" ino=2630168 scontext=system_u:system_r:ddclient_t |
| 16 |
tcontext=system_u:object_r:cert_t tclass=dir permissive=0 ||| |
Archives