- This topic has 1 reply, 2 voices, and was last updated 2 weeks ago by
.
-
Posts
-
I’m seeing the following from clamscan:
/usr/lib/systemd/system/nxserver.service: Permission denied
and the following denial:
type=AVC msg=audit(1712901691.073:2621): avc: denied { getattr } for pid=906568 comm=”clamscan” path=”/usr/lib/systemd/system/nxserver.service” dev=”sda2″ ino=143653704 scontext=system_u:system_r:antivirus_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:nx_unit_file_t:s0 tclass=file permissive=0
The problem is that nx_unit_file_t does not have the proper SELinux attributes. Compare:
# seinfo -xtnx_unit_file_t
Types: 1
type nx_unit_file_t, file_type;to:
# seinfo -xtsystemd_unit_file_t
Types: 1
type systemd_unit_file_t, file_type, non_auth_file_type, non_security_file_type, systemd_unit_file_type;Those attributes should be added to nx_unit_file_t:
require { attribute non_security_file_type, non_auth_file_type, systemd_unit_file_type; }
require { type nx_unit_file_t; }
typeattribute nx_unit_file_t non_security_file_type;
typeattribute nx_unit_file_t non_auth_file_type;
typeattribute nx_unit_file_t systemd_unit_file_type;Hi, this is a known issue and the fix will be in the next update.
Message “SELinux is preventing systemd from ioctl access on the file /usr/lib/systemd/system/nxserver.service” is issued on RHEL 9.3
https://kb.nomachine.com/TR02V11080
You must be logged in to reply to this topic.