Re: radiusd and selinux
- From: Daniel J Walsh <dwalsh redhat com>
- To: "selinux lucullo it" <selinux lucullo it>
- Cc: Fedora SELinux list <fedora-selinux-list redhat com>
- Subject: Re: radiusd and selinux
- Date: Thu, 01 Mar 2007 13:23:43 -0500
selinux lucullo it wrote:
> hi...
> i don't understand very well this log:
>
> Mar 1 16:07:29 francesca kernel: audit(1172761649.659:16):
> avc: denied { read } for pid=2843 comm="radiusd"
> name="unexpected.tdb" dev=hda3 ino=9886366
> scontext=system_u:system_r:radiusd_t:s0
> tcontext=system_u:object_r:samba_var_t:s0 tclass=file
> Mar 1 16:07:29 francesca kernel: audit(1172761649.703:17):
> avc: denied { create } for pid=2843 comm="radiusd"
> scontext=system_u:system_r:radiusd_t:s0
> tcontext=system_u:system_r:radiusd_t:s0
> tclass=netlink_route_socket

It shows two things. One is radius trying to read a file under a
directory labeled samba_var_t (unexpected.tdb). Does radius usually
read either /var/lib/samba or /var/spool/samba or /var/cache/samba?
The second one is definitely a bug in policy.

You can create a policy module to allow these two accesses by executing

    grep radius /var/log/audit/audit.log | audit2allow -M myradius

and loading the policy module.

> thank you in advance for the help.
> vittorio