nouvo09 wrote:essaie voir un
# sealert -a /var/log/audit/audit.log > ~/mylogfile.txt tu récupéreras les erreurs de selinux que tu pourras traiter ensuite.
Bonjour nouvo09,
merci pour ton conseil.
J'ai exécuté à 2 reprises ta commande, et j'ai corrigé ceci:
Si vous pensez que mktemp devrait être autorisé à accéder write sur .esmtp_queue directory par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "mktemp" --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp
Si vous pensez que touch devrait être autorisé à accéder create sur mail file par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "touch" --raw | audit2allow -M my-touch
# semodule -X 300 -i my-touch.pp
Si vous pensez que sendmail devrait être autorisé à accéder getattr sur cmd file par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "sendmail" --raw | audit2allow -M my-sendmail
# semodule -X 300 -i my-sendmail.pp
Si vous pensez que chmod devrait être autorisé à accéder setattr sur cmd file par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "chmod" --raw | audit2allow -M my-chmod
# semodule -X 300 -i my-chmod.pp
Si vous pensez que rm devrait être autorisé à accéder remove_name sur lock directory par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "rm" --raw | audit2allow -M my-rm
# semodule -X 300 -i my-rm.pp
Si vous pensez que dotlockfile devrait être autorisé à accéder read sur .lk015118tales file par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "dotlockfile" --raw | audit2allow -M my-dotlockfile
# semodule -X 300 -i my-dotlockfile.pp
Si vous pensez que sendmail devrait être autorisé à accéder open sur mail file par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "sendmail" --raw | audit2allow -M my-sendmail
# semodule -X 300 -i my-sendmail.pp
Si vous pensez que touch devrait être autorisé à accéder write sur lock file par défaut.
Alors vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Faire
autoriser cet accès pour le moment en exécutant :
# ausearch -c "touch" --raw | audit2allow -M my-touch
# semodule -X 300 -i my-touch.pp
L'erreur à l'extinction persiste:-(.
Je précise que la deuxième commande suggérée par le terminal ne correspond pas exactement à celle du log (de mémoire le "-X300" n'est pas noté par le terminal). J'ai exécuté les commandes du log. D'autre part, j'ai fait un ré étiquetage "selinux" lors des passages de "permissif" à "enforcing". Et je suis sous F26.
J'ai relancé une troisième fois ta commande et j'ai obtenu ce log:
found 0 alerts in /var/log/audit/audit.log
J'ai cependant été interpelé par les indications du terminal:
# sealert -a /var/log/audit/audit.log > /home/xxx/selinuxlog2.txt
type=AVC msg=audit(1521454444.166:197): avc: denied { write } for pid=2131 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=0
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.773:197): avc: denied { write } for pid=2318 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.773:198): avc: denied { add_name } for pid=2318 comm="mktemp" name="iG7MhGdK" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.773:199): avc: denied { create } for pid=2318 comm="mktemp" name="iG7MhGdK" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.778:200): avc: denied { create } for pid=2319 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.778:201): avc: denied { write open } for pid=2319 comm="touch" path="/root/.esmtp_queue/iG7MhGdK/lock" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.778:202): avc: denied { getattr } for pid=2309 comm="sendmail" path="/root/.esmtp_queue/iG7MhGdK/cmd" dev="dm-1" ino=2106807 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.779:203): avc: denied { read } for pid=2309 comm="sendmail" name="iG7MhGdK" dev="dm-1" ino=2106804 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.779:204): avc: denied { open } for pid=2309 comm="sendmail" path="/root/.esmtp_queue/iG7MhGdK" dev="dm-1" ino=2106804 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.779:205): avc: denied { setattr } for pid=2321 comm="chmod" name="cmd" dev="dm-1" ino=2106807 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.780:206): avc: denied { remove_name } for pid=2322 comm="rm" name="lock" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455140.780:207): avc: denied { unlink } for pid=2322 comm="rm" name="lock" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455145.807:208): avc: denied { read } for pid=2328 comm="dotlockfile" name=".lk023289tales" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521455145.807:209): avc: denied { link } for pid=2328 comm="dotlockfile" name=".lk023289tales" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.941:218): avc: denied { write } for pid=3906 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.941:219): avc: denied { add_name } for pid=3906 comm="mktemp" name="zrcyz3yo" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.941:220): avc: denied { create } for pid=3906 comm="mktemp" name="zrcyz3yo" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.946:221): avc: denied { create } for pid=3907 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.946:222): avc: denied { write open } for pid=3907 comm="touch" path="/root/.esmtp_queue/zrcyz3yo/lock" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.947:223): avc: denied { getattr } for pid=3897 comm="sendmail" path="/root/.esmtp_queue/zrcyz3yo/cmd" dev="dm-1" ino=2106812 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.947:224): avc: denied { read } for pid=3897 comm="sendmail" name="zrcyz3yo" dev="dm-1" ino=2105747 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.947:225): avc: denied { open } for pid=3897 comm="sendmail" path="/root/.esmtp_queue/zrcyz3yo" dev="dm-1" ino=2105747 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.948:226): avc: denied { setattr } for pid=3909 comm="chmod" name="cmd" dev="dm-1" ino=2106812 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.948:227): avc: denied { remove_name } for pid=3910 comm="rm" name="lock" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457074.948:228): avc: denied { unlink } for pid=3910 comm="rm" name="lock" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457079.975:229): avc: denied { read } for pid=3918 comm="dotlockfile" name=".lk039187tales" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457079.975:230): avc: denied { link } for pid=3918 comm="dotlockfile" name=".lk039187tales" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.871:199): avc: denied { write } for pid=2292 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.871:200): avc: denied { add_name } for pid=2292 comm="mktemp" name="0Bfn9gsL" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.871:201): avc: denied { create } for pid=2292 comm="mktemp" name="0Bfn9gsL" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.876:202): avc: denied { create } for pid=2293 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.876:203): avc: denied { write open } for pid=2293 comm="touch" path="/root/.esmtp_queue/0Bfn9gsL/lock" dev="dm-1" ino=2106815 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.877:204): avc: denied { getattr } for pid=2283 comm="sendmail" path="/root/.esmtp_queue/0Bfn9gsL/cmd" dev="dm-1" ino=2106816 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.877:205): avc: denied { read } for pid=2283 comm="sendmail" name="0Bfn9gsL" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.877:206): avc: denied { open } for pid=2283 comm="sendmail" path="/root/.esmtp_queue/0Bfn9gsL" dev="dm-1" ino=2106805 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.878:207): avc: denied { setattr } for pid=2295 comm="chmod" name="cmd" dev="dm-1" ino=2106816 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.878:208): avc: denied { remove_name } for pid=2296 comm="rm" name="lock" dev="dm-1" ino=2106815 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457630.878:209): avc: denied { unlink } for pid=2296 comm="rm" name="lock" dev="dm-1" ino=2106815 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457635.989:210): avc: denied { read } for pid=2304 comm="dotlockfile" name=".lk023043tales" dev="dm-1" ino=2106815 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521457635.989:211): avc: denied { link } for pid=2304 comm="dotlockfile" name=".lk023043tales" dev="dm-1" ino=2106815 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.631:222): avc: denied { write } for pid=3049 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.631:223): avc: denied { add_name } for pid=3049 comm="mktemp" name="bkj8Np0u" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.631:224): avc: denied { create } for pid=3049 comm="mktemp" name="bkj8Np0u" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.635:225): avc: denied { create } for pid=3050 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.635:226): avc: denied { write open } for pid=3050 comm="touch" path="/root/.esmtp_queue/bkj8Np0u/lock" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.636:227): avc: denied { getattr } for pid=3040 comm="sendmail" path="/root/.esmtp_queue/bkj8Np0u/cmd" dev="dm-1" ino=2106820 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.636:228): avc: denied { read } for pid=3040 comm="sendmail" name="bkj8Np0u" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.636:229): avc: denied { open } for pid=3040 comm="sendmail" path="/root/.esmtp_queue/bkj8Np0u" dev="dm-1" ino=2106810 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.637:230): avc: denied { setattr } for pid=3052 comm="chmod" name="cmd" dev="dm-1" ino=2106820 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.637:231): avc: denied { remove_name } for pid=3053 comm="rm" name="lock" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464489.637:232): avc: denied { unlink } for pid=3053 comm="rm" name="lock" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464494.741:233): avc: denied { read } for pid=3064 comm="dotlockfile" name=".lk03064etales" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464494.741:234): avc: denied { link } for pid=3064 comm="dotlockfile" name=".lk03064etales" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464497.553:235): avc: denied { read } for pid=3791 comm="sendmail" name="mail" dev="dm-1" ino=2106157 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464497.553:236): avc: denied { open } for pid=3791 comm="sendmail" path="/root/.esmtp_queue/ebazTzRF/mail" dev="dm-1" ino=2106157 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464502.301:237): avc: denied { write } for pid=5362 comm="dotlockfile" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464502.301:238): avc: denied { remove_name } for pid=5362 comm="dotlockfile" name=".deliver_lock" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464502.301:239): avc: denied { unlink } for pid=5362 comm="dotlockfile" name=".deliver_lock" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464642.998:240): avc: denied { add_name } for pid=5464 comm="mktemp" name="cECsdgEL" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464642.998:241): avc: denied { create } for pid=5464 comm="mktemp" name="cECsdgEL" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464642.999:242): avc: denied { create } for pid=5465 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464642.999:243): avc: denied { write } for pid=5465 comm="touch" path="/root/.esmtp_queue/cECsdgEL/lock" dev="dm-1" ino=2106824 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464642.999:244): avc: denied { getattr } for pid=5455 comm="sendmail" path="/root/.esmtp_queue/cECsdgEL/cmd" dev="dm-1" ino=2106825 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464643.0:245): avc: denied { read } for pid=5455 comm="sendmail" name="cECsdgEL" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464643.0:246): avc: denied { open } for pid=5455 comm="sendmail" path="/root/.esmtp_queue/cECsdgEL" dev="dm-1" ino=2106819 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464643.0:247): avc: denied { setattr } for pid=5467 comm="chmod" name="cmd" dev="dm-1" ino=2106825 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464648.2:248): avc: denied { link } for pid=5502 comm="dotlockfile" name=".lk055028tales" dev="dm-1" ino=2106824 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.416:189): avc: denied { write } for pid=2225 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.416:190): avc: denied { add_name } for pid=2225 comm="mktemp" name="goLlzLpR" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.416:191): avc: denied { create } for pid=2225 comm="mktemp" name="goLlzLpR" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.430:192): avc: denied { create } for pid=2226 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.430:193): avc: denied { write open } for pid=2226 comm="touch" path="/root/.esmtp_queue/goLlzLpR/lock" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.430:194): avc: denied { getattr } for pid=2216 comm="sendmail" path="/root/.esmtp_queue/goLlzLpR/cmd" dev="dm-1" ino=2106824 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.431:195): avc: denied { read } for pid=2216 comm="sendmail" name="goLlzLpR" dev="dm-1" ino=2106811 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.431:196): avc: denied { open } for pid=2216 comm="sendmail" path="/root/.esmtp_queue/goLlzLpR" dev="dm-1" ino=2106811 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.431:197): avc: denied { setattr } for pid=2228 comm="chmod" name="cmd" dev="dm-1" ino=2106824 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.432:198): avc: denied { remove_name } for pid=2229 comm="rm" name="lock" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464890.432:199): avc: denied { unlink } for pid=2229 comm="rm" name="lock" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464895.458:200): avc: denied { read } for pid=2236 comm="dotlockfile" name=".lk02236ftales" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521464895.458:201): avc: denied { link } for pid=2236 comm="dotlockfile" name=".lk02236ftales" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.62:172): avc: denied { write } for pid=1502 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.62:173): avc: denied { add_name } for pid=1502 comm="mktemp" name="xLot7Pco" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.62:174): avc: denied { create } for pid=1502 comm="mktemp" name="xLot7Pco" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.82:175): avc: denied { create } for pid=1503 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.82:176): avc: denied { write open } for pid=1503 comm="touch" path="/root/.esmtp_queue/xLot7Pco/lock" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.83:177): avc: denied { getattr } for pid=1493 comm="sendmail" path="/root/.esmtp_queue/xLot7Pco/cmd" dev="dm-1" ino=2106823 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.83:178): avc: denied { read } for pid=1493 comm="sendmail" name="xLot7Pco" dev="dm-1" ino=2106813 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.83:179): avc: denied { open } for pid=1493 comm="sendmail" path="/root/.esmtp_queue/xLot7Pco" dev="dm-1" ino=2106813 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.100:180): avc: denied { setattr } for pid=1505 comm="chmod" name="cmd" dev="dm-1" ino=2106823 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.100:181): avc: denied { remove_name } for pid=1506 comm="rm" name="lock" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467475.100:182): avc: denied { unlink } for pid=1506 comm="rm" name="lock" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467480.194:183): avc: denied { read } for pid=1511 comm="dotlockfile" name=".lk015118tales" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521467480.194:184): avc: denied { link } for pid=1511 comm="dotlockfile" name=".lk015118tales" dev="dm-1" ino=2106818 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=1
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521469998.356:202): avc: denied { write } for pid=2323 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=2097302 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=0
**** Invalid AVC allowed in current policy ***
type=AVC msg=audit(1521559289.844:189): avc: denied { create } for pid=2276 comm="touch" name="lock" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=0
**** Invalid AVC allowed in current policy ***
#
Il semblerait que ce je viens d'autoriser soit invalide. Comment pourrais je corriger cela ? Merci pour ton aide ?
Amicalement.
pll