Selinux - process access to a folder?

X

XAN-TAN2022-01-26 13:08:58

Red Hat Enterprise Linux

XAN-TAN, 2022-01-26 13:08:58

Good afternoon.
Please help me figure it out.
We have a Red Hat 8.5 server Running
Selinux
audit2why - shows an error

Was caused by:
                Unknown - would be allowed by active policy
                Possible mismatch between this policy and the one under which the audit message was generated.

                Possible mismatch between current in-memory boolean settings vs. permanent ones.

type=AVC msg=audit(1643184366.474:309): avc:  denied  { execute_no_trans } for  pid=51359 comm="(asterisk)" path="/usr/sbin/asterisk" dev="dm-0" ino=582977 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 trawcon="system_u:object_r:asterisk_exec_t:s0"

I try to assign the /usr/sbin/asterisk folder to be run from the asterisk_exec_t process.
But when I enter the command - semanage fcontext -a -t asterisk_exec_t /usr/sbin/asterisk

ValueError: Type asterisk_exec_t is invalid, must be a file or device type

Please tell me what am I doing wrong?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

X

XAN-TAN, 2022-01-26
@XAN-TAN

To be honest, a little puzzled.
At the request "Selinux - Asterisk settings" All
I see is - Disable Selinux
Doesn't anyone want to figure out how to make them friends?