radiusd and selinux

Daniel J Walsh dwalsh at redhat.com
Thu Mar 1 18:23:43 UTC 2007


selinux at lucullo.it wrote:
> hi...
>
> I don't understand this log very well:
>
> Mar  1 16:07:29 francesca kernel: audit(1172761649.659:16):
> avc:  denied  { read } for  pid=2843 comm="radiusd"
> name="unexpected.tdb" dev=hda3 ino=9886366
> scontext=system_u:system_r:radiusd_t:s0
> tcontext=system_u:object_r:samba_var_t:s0 tclass=file
> Mar  1 16:07:29 francesca kernel: audit(1172761649.703:17):
> avc:  denied  { create } for  pid=2843 comm="radiusd"
> scontext=system_u:system_r:radiusd_t:s0
> tcontext=system_u:system_r:radiusd_t:s0
> tclass=netlink_route_socket
>   
It shows two things. One is radius trying to read a file under a
directory labeled samba_var_t (unexpected.tdb).  Does radius usually
read either /var/lib/samba or /var/spool/samba or /var/cache/samba?

The second one is definitely a bug in policy.

You can create a policy module to allow these two accesses by executing

grep radius /var/log/audit/audit.log | audit2allow -M myradius

And loading the policy module.




>
> thank you in advance for the help.
>
> vittorio
>
>   
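An added example, not part of the original message: a short Python sketch that parses AVC denials like the two quoted above and prints the allow rules they imply, so the grants can be reviewed before a module built from them is loaded. It only approximates what audit2allow derives; the function names are hypothetical and the sample input is the two quoted denials rejoined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials quoted in the message, one record per line.
SAMPLE = """\
Mar  1 16:07:29 francesca kernel: audit(1172761649.659:16): avc:  denied  { read } for  pid=2843 comm="radiusd" name="unexpected.tdb" dev=hda3 ino=9886366 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:samba_var_t:s0 tclass=file
Mar  1 16:07:29 francesca kernel: audit(1172761649.703:17): avc:  denied  { create } for  pid=2843 comm="radiusd" scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:system_r:radiusd_t:s0 tclass=netlink_route_socket
"""

AVC = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Yield one dict per AVC denial: perms, source/target type, class, name."""
    for line in text.splitlines():
        m = AVC.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(m.group("rest"))}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # truncated record; skip rather than guess
        yield {
            "perms": m.group("perms").split(),
            "source": f["scontext"].split(":")[2],  # user:role:type[:level]
            "target": f["tcontext"].split(":")[2],
            "tclass": f["tclass"],
            "name": f.get("name"),
        }

def allow_rules(denials):
    """Merge denials into allow rules, writing 'self' when source == target."""
    merged, names = defaultdict(set), defaultdict(set)
    for d in denials:
        target = "self" if d["source"] == d["target"] else d["target"]
        key = (d["source"], target, d["tclass"])
        merged[key].update(d["perms"])
        if d["name"]:
            names[key].add(d["name"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append((f"allow {src} {tgt}:{cls} {body};", sorted(names[(src, tgt, cls)])))
    return rules

if __name__ == "__main__":
    for rule, objs in allow_rules(parse_denials(SAMPLE)):
        print(rule, "# objects:", ", ".join(objs) or "n/a")
```

The first rule covers every file labeled samba_var_t, not only unexpected.tdb, which is why the question about radius normally reading the samba directories matters before the module is loaded.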



