@tormath1
Created November 29, 2024 14:45
Flatcar denials
$ sudo rm /etc/audit/rules.d/99-default.rules
$ sudo rm /etc/audit/rules.d/80-selinux.rules
$ sudo systemctl enable --now auditd
$ reboot
$ journalctl _TRANSPORT=kernel | grep -i avc
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.845:3): avc:  denied  { read } for  pid=1033 comm="systemd-gpt-aut" name="boot" dev="vda9" ino=14 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.846:4): avc:  denied  { mount } for  pid=1033 comm="systemd-gpt-aut" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.861:5): avc:  denied  { read } for  pid=1025 comm="ibft-rule-gener" name="run" dev="vda9" ino=20 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:6): avc:  denied  { getattr } for  pid=1025 comm="ibft-rule-gener" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:7): avc:  denied  { getattr } for  pid=1024 comm="flatcar-autolog" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:9): avc:  denied  { read } for  pid=1024 comm="flatcar-autolog" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:8): avc:  denied  { read } for  pid=1025 comm="ibft-rule-gener" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:10): avc:  denied  { open } for  pid=1025 comm="ibft-rule-gener" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:11): avc:  denied  { open } for  pid=1024 comm="flatcar-autolog" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:40:58 localhost kernel: audit: type=1400 audit(1732891258.264:175): avc:  denied  { search } for  pid=2186 comm="auditd" name="/" dev="overlay" ino=2 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_state_t:s0 tclass=dir permissive=1
Nov 29 14:41:10 localhost kernel: audit: type=1400 audit(1732891270.816:267): avc:  denied  { unmount } for  pid=2340 comm="umount" scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.767:3): avc:  denied  { read } for  pid=968 comm="systemd-gpt-aut" name="boot" dev="vda9" ino=14 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.767:4): avc:  denied  { mount } for  pid=968 comm="systemd-gpt-aut" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.796:5): avc:  denied  { getattr } for  pid=958 comm="flatcar-autolog" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.796:6): avc:  denied  { getattr } for  pid=959 comm="ibft-rule-gener" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.796:8): avc:  denied  { read } for  pid=958 comm="flatcar-autolog" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.796:7): avc:  denied  { read } for  pid=959 comm="ibft-rule-gener" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.796:9): avc:  denied  { open } for  pid=958 comm="flatcar-autolog" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:53 localhost kernel: audit: type=1400 audit(1732891312.796:10): avc:  denied  { open } for  pid=959 comm="ibft-rule-gener" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891313.882:23): avc:  denied  { getattr } for  pid=1118 comm="systemd-sysuser" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_sysusers_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891313.882:24): avc:  denied  { read } for  pid=1118 comm="systemd-sysuser" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_sysusers_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891313.882:25): avc:  denied  { open } for  pid=1118 comm="systemd-sysuser" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_sysusers_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891313.961:26): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891313.961:27): avc:  denied  { open } for  pid=1122 comm="systemd-tmpfile" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891314.284:28): avc:  denied  { search } for  pid=1134 comm="systemd-tmpfile" name="/" dev="overlay" ino=2 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:initrc_state_t:s0 tclass=dir permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891314.313:29): avc:  denied  { getattr } for  pid=1134 comm="systemd-tmpfile" path="/var/lib/selinux" dev="vda9" ino=48 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=lnk_file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891314.314:30): avc:  denied  { read } for  pid=1134 comm="systemd-tmpfile" name="selinux" dev="vda9" ino=48 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=lnk_file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891314.317:31): avc:  denied  { getattr } for  pid=1134 comm="systemd-tmpfile" path="/etc/gshadow" dev="overlay" ino=31246 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891314.332:32): avc:  denied  { search } for  pid=1134 comm="systemd-tmpfile" name="core" dev="vda9" ino=520967 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1
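The journal output above is the raw material for the next step of this kind of exercise: deciding, per denial, whether it points at a labelling problem (a target typed `unlabeled_t`, a file under `/usr` carrying a generic `usr_t` label) or at a genuine gap in the policy. The Python script below is an added example, not part of the gist. It parses kernel AVC records in the format shown above, groups the denials by source type, target type and object class, and merges the permissions each group asked for, which is the shape a policy author looks at before touching the policy. The six sample records are copied verbatim from the output above; `parse_avc`, `summarize` and `format_summary` are helper names chosen here.

```python
import re

# Six AVC records copied from the journal output above. All carry permissive=1,
# i.e. the access went through and was only logged.
SAMPLE_AVC_LINES = [
    'Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.845:3): avc:  denied  { read } for  pid=1033 comm="systemd-gpt-aut" name="boot" dev="vda9" ino=14 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1',
    'Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:6): avc:  denied  { getattr } for  pid=1025 comm="ibft-rule-gener" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1',
    'Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:9): avc:  denied  { read } for  pid=1024 comm="flatcar-autolog" name="nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1',
    'Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.863:10): avc:  denied  { open } for  pid=1025 comm="ibft-rule-gener" path="/usr/share/baselayout/nsswitch.conf" dev="dm-0" ino=297 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1',
    'Nov 29 14:40:58 localhost kernel: audit: type=1400 audit(1732891258.264:175): avc:  denied  { search } for  pid=2186 comm="auditd" name="/" dev="overlay" ino=2 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_state_t:s0 tclass=dir permissive=1',
    'Nov 29 14:41:54 localhost kernel: audit: type=1400 audit(1732891314.317:31): avc:  denied  { getattr } for  pid=1134 comm="systemd-tmpfile" path="/etc/gshadow" dev="overlay" ino=31246 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1',
]

# "avc:  denied  { read write } for  key=value key="quoted value" ..."
AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$'
)
# key=value pairs; values are either double-quoted or a run of non-blanks.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(ctx):
    """Return the type component of a user:role:type:level security context."""
    if not ctx or ctx.count(':') < 2:
        return None
    return ctx.split(':')[2]


def parse_avc(line):
    """Parse one kernel AVC record into a dict, or return None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec = {
        'result': m.group('result'),
        'perms': tuple(m.group('perms').split()),
        'comm': fields.get('comm'),
        # The kernel reports either a full path or just the final name component.
        'path': fields.get('path') or fields.get('name'),
        'scontext': fields.get('scontext'),
        'tcontext': fields.get('tcontext'),
        'tclass': fields.get('tclass'),
        # permissive=1 means the access was allowed and only logged.
        'permissive': fields.get('permissive') == '1',
    }
    rec['stype'] = context_type(rec['scontext'])
    rec['ttype'] = context_type(rec['tcontext'])
    return rec


def summarize(lines):
    """Group denials by (source type, target type, class) and merge permissions.

    'enforced' is True if any record in the group was an actual block
    (permissive=0), which is what matters once the machine leaves permissive mode.
    """
    summary = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        key = (rec['stype'], rec['ttype'], rec['tclass'])
        entry = summary.setdefault(
            key, {'perms': set(), 'count': 0, 'comms': set(), 'enforced': False}
        )
        entry['perms'].update(rec['perms'])
        entry['count'] += 1
        entry['comms'].add(rec['comm'])
        if not rec['permissive']:
            entry['enforced'] = True
    return summary


def format_summary(summary):
    """Render one line per group, sorted, in an allow-rule-like shape."""
    out = []
    for (stype, ttype, tclass), e in sorted(summary.items()):
        mode = 'blocked' if e['enforced'] else 'would block in enforcing mode'
        perms = ' '.join(sorted(e['perms']))
        comms = ','.join(sorted(c for c in e['comms'] if c))
        out.append(f'{stype} -> {ttype}:{tclass} {{ {perms} }} x{e["count"]} ({comms}) [{mode}]')
    return out


if __name__ == '__main__':
    for row in format_summary(summarize(SAMPLE_AVC_LINES)):
        print(row)
```

Run against the full `journalctl _TRANSPORT=kernel | grep -i avc` output, the grouping collapses the repeated `nsswitch.conf` records into a single `systemd_generator_t -> usr_t:file { getattr open read }` entry, which makes the question "is this file labelled the way the policy expects?" easier to ask than a per-record list does. Groups whose target is `unlabeled_t` are usually relabelling work rather than candidates for an allow rule, and a group such as `systemd_tmpfiles_t -> shadow_t:file` deserves a look at what the process actually needed before any rule is written for it.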