ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash

    IT Discussion
    selinux fedora29 fedora 29 vmtoolsd esxi vmware linux linux server
    2
    3
    543
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • wrx7mW
      wrx7m
      last edited by wrx7m

      On a Fedora 29 server running on ESXi, I was getting this error.

      
SELinux is preventing vmtoolsd from entrypoint access on the file /usr/bin/bash.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that vmtoolsd should be allowed entrypoint access on the bash file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'vmtoolsd' --raw | audit2allow -M my-vmtoolsd
# semodule -X 300 -i my-vmtoolsd.pp


Additional Information:
Source Context                system_u:system_r:vmtools_unconfined_t:s0
Target Context                system_u:object_r:shell_exec_t:s0
Target Objects                /usr/bin/bash [ file ]
Source                        vmtoolsd
Source Path                   vmtoolsd
Port                          <Unknown>
Host                          wz00.domain.local
Source RPM Packages
Target RPM Packages           bash-4.4.23-6.fc29.x86_64
Policy RPM                    selinux-policy-3.14.2-51.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     wz00.domain.local
Platform                      Linux wz00.domain.local 4.20.16-200.fc29.x86_64 #1
                              SMP Thu Mar 14 15:10:22 UTC 2019 x86_64 x86_64
Alert Count                   3
First Seen                    2019-03-19 15:15:02 PDT
Last Seen                     2019-03-19 16:58:33 PDT
Local ID                      13a8d13b-300d-4729-94c4-d5c83a6f4a56

Raw Audit Messages
type=AVC msg=audit(1553039913.263:102): avc:  denied  { entrypoint } for  pid=931 comm="vmtoolsd" path="/usr/bin/bash" dev="dm-0" ino=268635479 scontext=system_u:system_r:vmtools_unconfined_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0


Hash: vmtoolsd,vmtools_unconfined_t,shell_exec_t,file,entrypoint

      I ran the commands that it suggested to allow this access "for now"

      # ausearch -c 'vmtoolsd' --raw | audit2allow -M my-vmtoolsd
# semodule -X 300 -i my-vmtoolsd.pp

      My question - Is this permanent? If not, how can I make this permanent?

      JaredBuschJ 1 Reply Last reply Reply Quote 1
      • JaredBuschJ
        JaredBusch @wrx7m
        last edited by

        @wrx7m said in Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash:

        My question - Is this permanent?

        Yes

        wrx7mW 1 Reply Last reply Reply Quote 1
        • wrx7mW
          wrx7m @JaredBusch
          last edited by

          @JaredBusch said in Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash:

          @wrx7m said in Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash:

          My question - Is this permanent?

          Yes

          Thanks!

          1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post