DanielTimLee · April 30, 2019 13:03
diff --git a/pritunl_journal.log b/pritunl_journal.log
 pritunl[7643]: [patient-thunder-3756][2019-04-30 21:31:06,543][INFO] Starting server                                                                                             
 pritunl[7643]:   selinux_context = "system_u:system_r:pritunl_t:s0"                                                         
 pritunl[7643]: [patient-thunder-3756][2019-04-30 21:52:49,682][ERROR] Failed to get IPv6 routes
 pritunl[7643]: Traceback (most recent call last):                                                                                 
 pritunl[7643]:   File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/setup/ndppd.py", line 24, in _default_interface_thread
 pritunl[7643]:     ['route', '-n', '-A', 'inet6'])                                                                          
 pritunl[7643]:   File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/utils/misc.py", line 224, in check_output_logged
 pritunl[7643]:     return_code, cmd, output=stdoutdata)                                                      
 pritunl[7643]: CalledProcessError: Command '['route', '-n', '-A', 'inet6']' returned non-zero exit status -11
 pritunl[7643]: [patient-thunder-3756][2019-04-30 21:52:49,683][ERROR] Popen returned error exit code
 pritunl[7643]:   cmd         = ["route", "-n", "-A", "inet6"]                            
 pritunl[7643]:   return_code = -11                                                            
 pritunl[7643]: Traceback (most recent call last):                                  
 pritunl[7643]:   File "/usr/lib64/python2.7/threading.py", line 777, in __bootstrap                 
 pritunl[7643]:     self.__bootstrap_inner()                                                                  
 pritunl[7643]:   File "/usr/lib64/python2.7/threading.py", line 804, in __bootstrap_inner
 pritunl[7643]:     self.run()                                                                                                     
 pritunl[7643]:   File "/usr/lib64/python2.7/threading.py", line 757, in run
 pritunl[7643]:     self.__target(*self.__args, **self.__kwargs)                                                             
 pritunl[7643]:   File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/helpers.py", line 39, in _wrapped
 pritunl[7643]:     for _ in call(*args, **kwargs):                                                                                
 pritunl[7643]:   File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/setup/ndppd.py", line 24, in _default_interface_thread                                               
 pritunl[7643]:     ['route', '-n', '-A', 'inet6'])                                                                          
 pritunl[7643]:   File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/utils/misc.py", line 220, in check_output_logged
 pritunl[7643]:     stderr=stderrdata,                                                                             
 pritunl[7643]:   File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/logger/__init__.py", line 55, in error
 pritunl[7643]:     kwargs['traceback'] = traceback.format_stack()                              
 ...
 audit[9639]: AVC avc:  denied  { map } for  pid=9639 comm="route" path="/usr/sbin/route" dev="dm-0" ino=1520943 scontext=system_u:system_r:pritunl_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
 audit[9639]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:pritunl_t:s0 pid=9639 comm="route" exe="/usr/sbin/route" sig=11 res=1
 audit[9642]: AVC avc:  denied  { map } for  pid=9642 comm="route" path="/usr/sbin/route" dev="dm-0" ino=1520943 scontext=system_u:system_r:pritunl_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
 audit[9642]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:pritunl_t:s0 pid=9642 comm="route" exe="/usr/sbin/route" sig=11 res=1

 setroubleshoot[9641]: SELinux is preventing route from map access on the file /usr/sbin/route. For complete SELinux messages run: sealert -l 64fa348f-26f3-48c7-bb8b-0eb41e5717e2
 python3[9641]: SELinux is preventing route from map access on the file /usr/sbin/route.
                *****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

                If you want to allow domain to can mmap files
                Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.

                Do
                setsebool -P domain_can_mmap_files 1

                *****  Plugin catchall (11.6 confidence) suggests   **************************

                If you believe that route should be allowed map access on the route file by default.
                Then you should report this as a bug.

                You can generate a local policy module to allow this access.
                Do 
                allow this access for now by executing:
                # ausearch -c 'route' --raw | audit2allow -M my-route
                # semodule -X 300 -i my-route.pp
	pritunl[7643]: [patient-thunder-3756][2019-04-30 21:31:06,543][INFO] Starting server
	pritunl[7643]: selinux_context = "system_u:system_r:pritunl_t:s0"
	pritunl[7643]: [patient-thunder-3756][2019-04-30 21:52:49,682][ERROR] Failed to get IPv6 routes
	pritunl[7643]: Traceback (most recent call last):
	pritunl[7643]: File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/setup/ndppd.py", line 24, in _default_interface_thread
	pritunl[7643]: ['route', '-n', '-A', 'inet6'])
	pritunl[7643]: File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/utils/misc.py", line 224, in check_output_logged
	pritunl[7643]: return_code, cmd, output=stdoutdata)
	pritunl[7643]: CalledProcessError: Command '['route', '-n', '-A', 'inet6']' returned non-zero exit status -11
	pritunl[7643]: [patient-thunder-3756][2019-04-30 21:52:49,683][ERROR] Popen returned error exit code
	pritunl[7643]: cmd = ["route", "-n", "-A", "inet6"]
	pritunl[7643]: return_code = -11
	pritunl[7643]: Traceback (most recent call last):
	pritunl[7643]: File "/usr/lib64/python2.7/threading.py", line 777, in __bootstrap
	pritunl[7643]: self.__bootstrap_inner()
	pritunl[7643]: File "/usr/lib64/python2.7/threading.py", line 804, in __bootstrap_inner
	pritunl[7643]: self.run()
	pritunl[7643]: File "/usr/lib64/python2.7/threading.py", line 757, in run
	pritunl[7643]: self.__target(self.__args, *self.__kwargs)
	pritunl[7643]: File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/helpers.py", line 39, in _wrapped
	pritunl[7643]: for _ in call(args, *kwargs):
	pritunl[7643]: File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/setup/ndppd.py", line 24, in _default_interface_thread
	pritunl[7643]: ['route', '-n', '-A', 'inet6'])
	pritunl[7643]: File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/utils/misc.py", line 220, in check_output_logged
	pritunl[7643]: stderr=stderrdata,
	pritunl[7643]: File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/logger/__init__.py", line 55, in error
	pritunl[7643]: kwargs['traceback'] = traceback.format_stack()
	...
	audit[9639]: AVC avc: denied { map } for pid=9639 comm="route" path="/usr/sbin/route" dev="dm-0" ino=1520943 scontext=system_u:system_r:pritunl_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
	audit[9639]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:pritunl_t:s0 pid=9639 comm="route" exe="/usr/sbin/route" sig=11 res=1
	audit[9642]: AVC avc: denied { map } for pid=9642 comm="route" path="/usr/sbin/route" dev="dm-0" ino=1520943 scontext=system_u:system_r:pritunl_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
	audit[9642]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:pritunl_t:s0 pid=9642 comm="route" exe="/usr/sbin/route" sig=11 res=1

	setroubleshoot[9641]: SELinux is preventing route from map access on the file /usr/sbin/route. For complete SELinux messages run: sealert -l 64fa348f-26f3-48c7-bb8b-0eb41e5717e2
	python3[9641]: SELinux is preventing route from map access on the file /usr/sbin/route.
	*** Plugin catchall_boolean (89.3 confidence) suggests ****************

	If you want to allow domain to can mmap files
	Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.

	Do
	setsebool -P domain_can_mmap_files 1

	*** Plugin catchall (11.6 confidence) suggests ************************

	If you believe that route should be allowed map access on the route file by default.
	Then you should report this as a bug.

	You can generate a local policy module to allow this access.
	Do
	allow this access for now by executing:
	# ausearch -c 'route' --raw \| audit2allow -M my-route
	# semodule -X 300 -i my-route.pp