1 |
I have been enforcingon my SELinux box for a while without incident, |
2 |
until yesterday. Ddclient started spamming me with emails about SSL |
3 |
connect failures. I checked the audit log for AVCs and found the one |
4 |
below. The context for /etc/ssl/certs/ca-certificates is cert_t and it |
5 |
looks like the interface needed to access this type is |
6 |
"miscfiles_manage_generic_cert_files". I can test if this is the right |
7 |
approach? May take a while cos I am not sure how to force ddclient into |
8 |
attempting an update. |
9 |
|
10 |
Thanks, |
11 |
Robert |
12 |
|
13 |
|type=AVC msg=audit(1497448811.326:13013): avc: denied { search } for |
14 |
pid=3311 comm=6464636C69656E74202D20636F6E6E name="ca-certificates" |
15 |
dev="dm-0" ino=2630168 scontext=system_u:system_r:ddclient_t |
16 |
tcontext=system_u:object_r:cert_t tclass=dir permissive=0 ||| |