How to disable selinux protection interfering with pppd? I tried audit2allow, but policy does not load. Is there an seboolean?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



CentOS release 5.4 (Final)

I run pppd on this system, it accepts dial-in connections, logs people
in over ssh/sftp.

I had selinux disabled on this system originally, but I recently
enabled it, and selinux
is blocking this pppd service.

"audit2allow -M" has generated the following policy based on AVC
denial messages:


module fixdialinserver 1.0;

require {
        type pppd_t;
        type shadow_t;
        type chkpwd_exec_t;
        class file { read execute };
        class netlink_audit_socket create;
}

#============= pppd_t ==============
allow pppd_t chkpwd_exec_t:file execute;
allow pppd_t self:netlink_audit_socket create;
allow pppd_t shadow_t:file read;


However, I am unable to load this module due to conflict with another policy:

# semodule -i fixdialinserver.pp
libsepol.check_assertion_helper: assertion on line 0 violated by allow
pppd_t shadow_t:file { read };
libsepol.check_assertions: 1 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!
#

Is there an seboolean I can tweak to allow me to load this policy?

Thanks,
Aleksey
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux