selinux@xxxxxxxxxx wrote:
Hi...
I don't understand this log very well:
Mar 1 16:07:29 francesca kernel: audit(1172761649.659:16):
avc: denied { read } for pid=2843 comm="radiusd"
name="unexpected.tdb" dev=hda3 ino=9886366
scontext=system_u:system_r:radiusd_t:s0
tcontext=system_u:object_r:samba_var_t:s0 tclass=file
Mar 1 16:07:29 francesca kernel: audit(1172761649.703:17):
avc: denied { create } for pid=2843 comm="radiusd"
scontext=system_u:system_r:radiusd_t:s0
tcontext=system_u:system_r:radiusd_t:s0
tclass=netlink_route_socket
It shows two things. One is radius trying to read a file under a
directory labeled samba_var_t (unexpected.tdb). Does radius usually
read either /var/lib/samba or /var/spool/samba or /var/cache/samba?
The second one is definitely a bug in policy.
You can create a policy module to allow these two accesses by executing
grep radius /var/log/audit/audit.log | audit2allow -M myradius
and loading the policy module.
Thank you in advance for the help.
vittorio
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list