Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash
-
On a Fedora 29 server running on ESXi, I was getting this error.
SELinux is preventing vmtoolsd from entrypoint access on the file /usr/bin/bash. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that vmtoolsd should be allowed entrypoint access on the bash file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'vmtoolsd' --raw | audit2allow -M my-vmtoolsd # semodule -X 300 -i my-vmtoolsd.pp Additional Information: Source Context system_u:system_r:vmtools_unconfined_t:s0 Target Context system_u:object_r:shell_exec_t:s0 Target Objects /usr/bin/bash [ file ] Source vmtoolsd Source Path vmtoolsd Port <Unknown> Host wz00.domain.local Source RPM Packages Target RPM Packages bash-4.4.23-6.fc29.x86_64 Policy RPM selinux-policy-3.14.2-51.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name wz00.domain.local Platform Linux wz00.domain.local 4.20.16-200.fc29.x86_64 #1 SMP Thu Mar 14 15:10:22 UTC 2019 x86_64 x86_64 Alert Count 3 First Seen 2019-03-19 15:15:02 PDT Last Seen 2019-03-19 16:58:33 PDT Local ID 13a8d13b-300d-4729-94c4-d5c83a6f4a56 Raw Audit Messages type=AVC msg=audit(1553039913.263:102): avc: denied { entrypoint } for pid=931 comm="vmtoolsd" path="/usr/bin/bash" dev="dm-0" ino=268635479 scontext=system_u:system_r:vmtools_unconfined_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0 Hash: vmtoolsd,vmtools_unconfined_t,shell_exec_t,file,entrypoint
I ran the commands that it suggested to allow this access "for now"
# ausearch -c 'vmtoolsd' --raw | audit2allow -M my-vmtoolsd # semodule -X 300 -i my-vmtoolsd.pp
My question - Is this permanent? If not, how can I make this permanent?
-
@wrx7m said in Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash:
My question - Is this permanent?
Yes
-
@JaredBusch said in Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash:
@wrx7m said in Error - SELinux is Preventing Vmtoolsd From Entrypoint Access On the File /usr/bin/bash:
My question - Is this permanent?
Yes
Thanks!