Problems with pppd and mgetty+sendfax on FC5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Recently installed FC5 and am experiencing problems with pppd and
mgetty+sendfax when running with SELinux enabled.

mgetty+sendfax was unable to write to /var/spool/fax/incoming. However,
switching to permissive mode fixed this problem.

What I can't understand is the problem experienced with pppd. Users dialing
in fail PAP authentication when SELinux is enabled. This doesn't happen with
SELinux disabled and dial in works correctly. However, when SELinux is
enabled but running in "permissive" mode rather than "enforcing", pppd still
fails. I thought that in "permissive" mode, SELinux would just log the
permission failures but allow everything to go ahead ???

Appears that SELinux is still preventing pppd from accessing the shadow file
to validate user password credentials. Is this a special case? Disabling
SELinux protection for pppd didn't appear to make any difference.


Jun  7 11:44:59 zeus mgetty[2458]: data dev=ttyS1, pid=2458, caller='none',
conn='26400/ARQ/V34/LAPM/V42BIS', name='', cmd='/usr/sbin/pppd',
user='/AutoPPP/'
Jun  7 11:44:59 zeus pppd[2458]: pppd 2.4.3 started by a_ppp, uid 0
Jun  7 11:44:59 zeus pppd[2458]: Using interface ppp0
Jun  7 11:44:59 zeus pppd[2458]: Connect: ppp0 <--> /dev/ttyS1
Jun  7 11:45:02 zeus pppd[2458]: PAP peer authentication failed for phancox
Jun  7 11:45:02 zeus kernel: audit(1149644702.926:69): avc:  denied  { read
} for  pid=2458 comm="pppd" name="shadow" dev=dm-0 ino=1495903
scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:shadow_t:s0
tclass=file
Jun  7 11:45:02 zeus kernel: audit(1149644702.926:70): avc:  denied  {
getattr } for  pid=2458 comm="pppd" name="shadow" dev=dm-0 ino=1495903
scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:shadow_t:s0
tclass=file
Jun  7 11:45:02 zeus kernel: audit(1149644702.930:71): avc:  denied  {
create } for  pid=2458 comm="pppd" scontext=system_u:system_r:pppd_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=netlink_audit_socket
Jun  7 11:45:02 zeus kernel: audit(1149644702.930:72): avc:  denied  { write
} for  pid=2458 comm="pppd" scontext=system_u:system_r:pppd_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=netlink_audit_socket
Jun  7 11:45:02 zeus kernel: audit(1149644702.930:73): avc:  denied  {
nlmsg_relay } for  pid=2458 comm="pppd" scontext=system_u:system_r:pppd_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=netlink_audit_socket
Jun  7 11:45:02 zeus kernel: audit(1149644702.930:74): avc:  denied  { read
} for  pid=2458 comm="pppd" scontext=system_u:system_r:pppd_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=netlink_audit_socket
Jun  7 11:45:03 zeus pppd[2458]: Connection terminated.
Jun  7 11:45:03 zeus pppd[2458]: Exit.


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux