oddjob service / selinux denied




Hey,

anyone familiar with the oddjob service?

I have configured the dbus and oddjobd and wanted to test it.

While calling it with (as root):

dbus-send --system --dest=local.domain.oddjob_csc --print-reply /admin local.domain.shee.oddjob_csc.test string:test

I get:
Error com.redhat.oddjob.Error.Exec: Child signalled exec() error: Permission denied.


and

type=SYSCALL msg=audit(1659709637.271:196): arch=c000003e syscall=59 success=no exit=-13 a0=55c9f28763d0 a1=55c9f286e0d0 a2=55c9f2870ee0 a3=0 items=0 ppid=4981 pid=6024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="oddjobd" exe="/usr/sbin/oddjobd" subj=system_u:system_r:oddjob_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1659709637.271:196): avc: denied { transition } for pid=6024 comm="oddjobd" path="/usr/libexec/oddjob/sanity.sh" dev="dm-1" ino=15768 scontext=system_u:system_r:oddjob_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0



the configured test script is from the oddjob package:

        <method name="test">
          <helper exec="/usr/libexec/oddjob/sanity.sh"
                  arguments="1"/>
          <allow user="root"/>
        </method>



As the AVC above shows, it's a context transition that is not allowed?

How is this service supposed to be used? I suspect that the method call must be in a context by itself, but which one?

Any idea?


Thanks,
Leon


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
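
An added example, not part of the original post: a Python parser that splits the fused SYSCALL/AVC line quoted in the message and reports which domain transition SELinux denied. The sample line is trimmed from the post's record; the function names and the one-entry syscall table are assumptions of this example.

```python
import errno
import re

# The fused SYSCALL + AVC line quoted in the post, trimmed to the fields used here.
SAMPLE = (
    'type=SYSCALL msg=audit(1659709637.271:196): arch=c000003e syscall=59 '
    'exit=-13 comm="oddjobd" subj=system_u:system_r:oddjob_t:s0-s0:c0.c1023 '
    'type=AVC msg=audit(1659709637.271:196): avc: denied { transition } for '
    'pid=6024 comm="oddjobd" path="/usr/libexec/oddjob/sanity.sh" '
    'scontext=system_u:system_r:oddjob_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tclass=process permissive=0'
)

RECORD_START = re.compile(r'(?=type=[A-Z0-9_]+ msg=audit\()')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
SYSCALLS_X86_64 = {'59': 'execve'}  # assumption: only the number seen in this record

def split_records(text):
    """Split audit text into records, even when several share one line."""
    return [r.strip() for r in RECORD_START.split(text) if r.strip()]

def parse_record(record):
    """Return a record's key=value fields plus the AVC result and permissions."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(record)}
    match = PERMS.search(record)
    if match:
        fields['result'] = match.group(1)
        fields['perms'] = match.group(2).split()
    return fields

def summarize(text):
    """Describe each AVC together with the syscall that triggered it."""
    records = [parse_record(r) for r in split_records(text)]
    # SYSCALL and AVC records of one event share the msg=audit(time:serial) id.
    syscalls = {r['msg']: r for r in records if r['type'] == 'SYSCALL'}
    out = []
    for avc in (r for r in records if r['type'] == 'AVC'):
        sc = syscalls.get(avc['msg'], {})
        code = int(sc.get('exit', '0'))
        out.append({
            'syscall': SYSCALLS_X86_64.get(sc.get('syscall'), 'unknown'),
            'errno': errno.errorcode.get(-code, 'unknown') if code < 0 else None,
            'perms': avc['perms'], 'tclass': avc['tclass'], 'path': avc.get('path'),
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
        })
    return out
```

For the record in the post, `summarize(SAMPLE)` reports an `execve` failing with `EACCES` because a `process` `transition` from `oddjob_t` to `unconfined_t` was denied for `/usr/libexec/oddjob/sanity.sh`.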


