Skip to content

selinux: example avc denied - autorelabel

Symptoms

Host

# uname -a
Linux host 5.4.17-2136.327.2.el7uek.x86_64 #2 SMP Fri Jan 5 14:53:41 PST 2024 x86_64 x86_64 x86_64 GNU/Linux

ssh login to host:

$ ssh [host]
/bin/bash: Permission denied

dmesg on host:

[ 1680.936313] audit: type=1400 audit(000000000.099:50): avc:  denied  { transition } for  pid=1221 comm="sshd" 
path="/usr/bin/bash" dev="dm-0" ino=111111111 scontext=system_u:system_r:unconfined_service_t:s0 
context=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0

Fix

touch /.autorelabel
reboot

Vendor: https://bugzilla.redhat.com/show_bug.cgi?id=1136196