Dear all!
I would like one of the computers on a LAN to send some files to another
computer on the same LAN using scp. Both computers can ping each other
without any problems and I set up ssh using keys authentication to work
without passwords. The task I'm talking about should be done in
automatic way so I wrote the following script (the part of it has been
erased for the purpose of simplicity):
...
OUTFILE=$(mktemp /tmp/out.XXXXXX)
chmod 666 $OUTFILE
...
scp $OUTFILE user@xxxxxxxxxxxx:/home/user/
...
It doesn't work as expected. It creates the desired file in /tmp dir on
local machine but it doesn't copy it to remote machine. Instead I see a
lot of avc denial messages in dmesg output:
type=1400 audit(1288189100.508:9): avc: denied { name_connect } for
pid=9059 comm="ssh" dest=22 scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
The script on the sender machine is invocated by procmail. I tested this
scp command manually and it can be done without any restriction. However
it doesn't work when it's in a script. How can I tell selinux (is it him
whom to blame?) to allow scp from a script?
TIA
P.S. Additional info:
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
P.S.2 I don't want to disable SELinux completely because this system
is connected to the Interned and has static IP address. I see a lot of
interesting in root mail every day :-)
--
Love may laugh at locksmiths, but he has a profound respect for money bags.
-- Sidney Paternoster, "The Folly of the Wise"
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
