I have been enforcingon my SELinux box for a while without incident,
until yesterday. Ddclient started spamming me with emails about SSL
connect failures. I checked the audit log for AVCs and found the one
below. The context for /etc/ssl/certs/ca-certificates is cert_t and it
looks like the interface needed to access this type is
"miscfiles_manage_generic_cert_files". I can test if this is the right
approach? May take a while cos I am not sure how to force ddclient into
attempting an update.
Thanks,
Robert
|type=AVC msg=audit(1497448811.326:13013): avc: denied { search } for
pid=3311 comm=6464636C69656E74202D20636F6E6E name="ca-certificates"
dev="dm-0" ino=2630168 scontext=system_u:system_r:ddclient_t
tcontext=system_u:object_r:cert_t tclass=dir permissive=0 |||
- [gentoo-hardened] SELinux ddclient and ca-certificates Robert Sharp
-
