Benign SE Linux violations caused by FRR scripts #3574
DanPartelly
started this conversation in
General
Replies: 1 comment 4 replies
-
|
Could be due to #3541 ? |
Beta Was this translation helpful? Give feedback.
4 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I've recently switched to a full SELinux-hardened setup for my workstations. My SELinux policy config is in progress. We have a benign SELinux violation in Netlab. And because this is benign, this is a discussion, not a PR.
Most probably related to logging from FRR containers, judging by /proc/fd/being involved. Still, we should get rid of it, if possible. It pollutes logs.
type=AVC msg=audit(1783093998.996:4931): avc: denied { write } for pid=110656 comm="01-initial.sh" name="fd" dev="proc" ino=1195701 scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=dir permissive=0
Beta Was this translation helpful? Give feedback.
All reactions