type 1400 avc denial messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear all!
I would like one of the computers on a LAN to send some files to another
computer on the same LAN using scp. Both computers can ping each other
without any problems and I set up ssh using keys authentication to work
without passwords. The task I'm talking about should be done in
automatic way so I wrote the following script (the part of it has been
erased for the purpose of simplicity):
...
OUTFILE=$(mktemp /tmp/out.XXXXXX)
chmod 666 $OUTFILE
...
scp $OUTFILE user@xxxxxxxxxxxx:/home/user/
...

It doesn't work as expected. It creates the desired file in /tmp dir on
local machine but it doesn't copy it to remote machine. Instead I see a
lot of avc denial messages in dmesg output:
type=1400 audit(1288189100.508:9): avc:  denied  { name_connect } for
pid=9059 comm="ssh" dest=22 scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket

The script on the sender machine is invocated by procmail. I tested this
scp command manually and it can be done without any restriction. However
it doesn't work when it's in a script. How can I tell selinux (is it him
whom to blame?) to allow scp from a script?
TIA
P.S. Additional info:
# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

 P.S.2 I don't want to disable SELinux completely  because this system
is connected to the Interned and has static IP address. I see a lot of
interesting in root mail every day :-)
-- 
Love may laugh at locksmiths, but he has a profound respect for money bags.
		-- Sidney Paternoster, "The Folly of the Wise"

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux