We have Amazon Linux 2 with SELinux enabled on it.
From the audit.log file, we have the following denial:
type=AVC msg=audit(1645462240.556:179): avc: denied { connectto } for pid=7329 comm="plymouth" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:plymouthd_t:s0 tclass=unix_stream_socket permissive=0
Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access.
I tried to generate a custom SELinux module using these commands:
sudo grep "plymouth" /var/log/audit/audit.log | audit2allow -M myip
sudo semodule -i myip.pp
but we got this in the logs:
type=AVC msg=audit(1645462240.556:179): avc: denied { connectto } for pid=7329 comm="plymouth" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:plymouthd_t:s0 tclass=unix_stream_socket permissive=0
Was caused by: Unknown - would be allowed by active policy. Possible mismatch between this policy and the one under which the audit message was generated. Possible mismatch between current in-memory boolean settings vs. permanent ones.
Can anyone please help me solve this issue?
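The denial above packs several things into one line that are worth pulling apart: the `path=` field is hex because the audit subsystem hex-encodes any string containing a non-printable byte, and here the leading `00` byte marks an abstract-namespace Unix socket (`@/org/freedesktop/plymouthd` once decoded); `scontext`/`tcontext` carry the source and target domains; and `permissive=0` confirms the access was really blocked. The script below is an added example, not something from the original post or from the SELinux tool chain. It parses an AVC record the way audit2allow does, decodes the hex path, emits the equivalent TE allow rule, and applies a home-grown heuristic (the `suspicious_source_domain` check is my own, not an SELinux feature) that flags the mismatch between the process name and its source domain. The sample record is the one quoted in the question; the function names are illustrative.

```python
"""Parse SELinux AVC denials from audit.log and derive the TE rule they imply.

Added example (not from the original post). Works on the raw AVC record only;
the "Was caused by:" text in the question is audit2why commentary, not part of
the audit record, and is ignored if present.
"""
import re
from typing import Any, Dict, Optional

# Constructed sample: the AVC record quoted in the question.
SAMPLE_AVC = (
    'type=AVC msg=audit(1645462240.556:179): avc: denied { connectto } '
    'for pid=7329 comm="plymouth" '
    'path=002F6F72672F667265656465736B746F702F706C796D6F75746864 '
    'scontext=system_u:system_r:iptables_t:s0 '
    'tcontext=system_u:system_r:plymouthd_t:s0 '
    'tclass=unix_stream_socket permissive=0'
)

_AVC_RE = re.compile(
    r'avc:\s+(?P<action>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
# key=value tokens; values are either a double-quoted string or a bare word.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def decode_audit_string(value: str) -> str:
    """Undo auditd's encoding of a string field.

    auditd quotes a string when it is printable and hex-encodes it otherwise.
    A path beginning with a NUL byte is an abstract-namespace Unix socket;
    ss(8) and lsof(8) print that as '@', which is what we do here.
    """
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return value  # not hex, e.g. a number or an unquoted token
    if raw[:1] == b'\x00':
        return '@' + raw[1:].decode('utf-8', 'replace')
    return raw.decode('utf-8', 'replace')


def type_of(context: str) -> str:
    """Return the type of a user:role:type[:range] SELinux security context."""
    return context.split(':')[2]


def parse_avc(line: str) -> Optional[Dict[str, Any]]:
    """Parse one AVC record; return None for lines that are not AVC records."""
    m = _AVC_RE.search(line)
    if not m:
        return None
    fields = dict(_KV_RE.findall(m.group('rest')))
    return {
        'action': m.group('action'),
        'perms': m.group('perms').split(),
        'source_type': type_of(fields['scontext']),
        'target_type': type_of(fields['tcontext']),
        'tclass': fields['tclass'],
        'permissive': fields.get('permissive') == '1',
        'comm': decode_audit_string(fields.get('comm', '')),
        'path': decode_audit_string(fields['path']) if 'path' in fields else None,
    }


def te_rule(denial: Dict[str, Any]) -> str:
    """The allow rule audit2allow would generate for this denial."""
    perms = denial['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        denial['source_type'], denial['target_type'], denial['tclass'], perm_str
    )


def suspicious_source_domain(denial: Dict[str, Any]) -> bool:
    """Heuristic of my own: the process name matches the target type but not
    the source domain, which suggests the process is running in the wrong
    domain rather than that a rule is missing (plymouth in iptables_t talking
    to plymouthd_t is exactly this shape). Not an SELinux tool's logic."""
    comm = denial['comm'].lower()
    if not comm:
        return False
    return comm in denial['target_type'] and comm not in denial['source_type']


if __name__ == '__main__':
    d = parse_avc(SAMPLE_AVC)
    assert d is not None
    print('socket :', d['path'])
    print('rule   :', te_rule(d))
    print('suspect:', suspicious_source_domain(d))
```

Running it prints the decoded abstract socket, the rule `allow iptables_t plymouthd_t:unix_stream_socket connectto;`, and a `True` from the heuristic. Allowing that rule makes the denial go away, but it also grants the whole `iptables_t` domain access to plymouthd's socket, so the heuristic's verdict is the more useful output: a `plymouth` process should not be in `iptables_t` in the first place, and the better fix is to find out why it was transitioned there (or not transitioned out) rather than to widen policy. When a freshly generated module is loaded and `audit2why` still reports "would be allowed by active policy", check that the rule you loaded really targets the pair shown in the new denial (`sesearch -A -s iptables_t -t plymouthd_t -c unix_stream_socket`) and that the denial is newer than the `semodule -i`, since the quoted denial has the same audit serial (`1645462240.556:179`) both times.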
Looks like Plymouth is running in the wrong SELinux context.
The target (socket) expects it to be plymouthd_t, but the source (application or daemon) is set to iptables_t.
I'm no SELinux expert, but it looks like an issue or bug with selinux-policy. Have you tried to file a case with Red Hat?
Found something similar:
Have you tried changing the context using "semanage context"?