| (allow staff_t lib_t (file (watch))) | |
| (allow staff_t non_security_file_type (dir (watch))) | |
| (allow staff_gkeyringd_t pidfile (file (getattr open read))) | |
| # Command: sudo | |
| avc: denied { search } syscall=openat | |
| auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 | sudo is setuid root (euid=0 while uid stays 1001) but remains in the staff_sudo_t domain. |
| Source Context staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 | |
| Target Context system_u:system_r:init_t:s0 | |
| Target Objects /proc/<pid>/cgroup [ dir ] | Opening /proc/<pid>/cgroup needs search on the /proc/<pid> directory, and that directory carries the label of the process it describes, here init_t. |
| Source Path /usr/bin/sudo | |
| # Command: journalctl | |
| avc: denied { getattr } syscall=newfstatat | |
| Source Context staff_u:staff_r:journalctl_t:s0-s0:c0.c1023 | |
| Target Context system_u:object_r:tty_device_t:s0 | |
| Target Objects /dev/tty0 [ chr_file ] | |
| Source Path /usr/bin/less | journalctl spawns less as its pager, and less keeps running in the journalctl_t domain (no domain transition), so it is journalctl_t that is denied getattr on device nodes under /dev such as /dev/tty0 (tty_device_t). Rather than allowing journalctl_t that access, stop journalctl from calling less: run `journalctl --no-pager`. |
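The rules in the table are CIL allow statements written by hand from denials like the two records above. As an added example (not code from the page), the script below does the same mechanically: it parses raw auditd AVC records, reduces each to source type, target type, object class and permissions, and merges them into one CIL allow per (source, target, class) triple, the way audit2allow does for the .te syntax. The sample records are constructed to match the page's two denials plus one extra ioctl denial for the same tty; the `inherited_domains` check is my own heuristic for spotting the journalctl/less situation, where the program name (comm) does not match the domain it ran in, which usually means the fix belongs in the caller rather than in a new allow rule.

```python
"""Turn raw auditd AVC 'denied' records into CIL allow statements.

Added example, not code from the page: it emits the CIL syntax used in
the table above, one allow per source type / target type / object class,
with permissions merged across records.
"""
import re
from collections import defaultdict

# Constructed sample records, shaped like auditd output (not copied from the page).
SAMPLE_AVC = """\
type=AVC msg=audit(1700000000.123:456): avc:  denied  { search } for  pid=1234 comm="sudo" name="cgroup" dev="proc" ino=789 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000001.456:457): avc:  denied  { getattr } for  pid=2345 comm="less" path="/dev/tty0" dev="devtmpfs" ino=12 scontext=staff_u:staff_r:journalctl_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1700000002.789:458): avc:  denied  { ioctl } for  pid=2345 comm="less" path="/dev/tty0" dev="devtmpfs" ino=12 scontext=staff_u:staff_r:journalctl_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file permissive=0
"""

# Permissions sit between the braces; scontext/tcontext/tclass follow later on the line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}"
    r".*?\bscontext=(?P<scontext>\S+)"
    r"\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)"
)
COMM_RE = re.compile(r'\bcomm="([^"]*)"')


def context_type(ctx):
    """user:role:type[:range] -> type (the part policy rules are written against)."""
    return ctx.split(":")[2]


def parse_avc(text):
    """Return one dict per AVC denied record found in text."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        cm = COMM_RE.search(line)
        records.append({
            "comm": cm.group(1) if cm else None,
            "stype": context_type(m.group("scontext")),
            "ttype": context_type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            "perms": set(m.group("perms").split()),
        })
    return records


def to_cil(records):
    """Merge records into CIL allow statements, one per (source, target, class)."""
    merged = defaultdict(set)
    for r in records:
        merged[(r["stype"], r["ttype"], r["tclass"])] |= r["perms"]
    return [
        f"(allow {s} {t} ({c} ({' '.join(sorted(p))})))"
        for (s, t, c), p in sorted(merged.items())
    ]


def inherited_domains(records):
    """Heuristic (assumption, not a policy rule): flag records whose comm does not
    appear in the source type name, e.g. less running in journalctl_t, which
    means a helper inherited its caller's domain instead of transitioning."""
    return sorted({(r["comm"], r["stype"]) for r in records
                   if r["comm"] and r["comm"] not in r["stype"]})


if __name__ == "__main__":
    recs = parse_avc(SAMPLE_AVC)
    for rule in to_cil(recs):
        print(rule)
    for comm, domain in inherited_domains(recs):
        print(f"# note: {comm} ran in {domain}; fix the caller rather than allowing blindly")
```

Feed it `ausearch -m avc -ts recent` output and review each generated statement before loading it with `semodule`: a denial is evidence of what was attempted, not a statement that the access should be granted, and the less-in-journalctl_t case shows why a generated rule is sometimes the wrong fix.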