Re: fedora-selinux-list Digest, Vol 39, Issue 21

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Wed, 23 May 2007 09:24:34 -0400

Dineshwar Kumar wrote:
Hi,

I am new to the selinux policy can any one tell me what is this. i am 
using snmp to read the nfs mounted dir "content_directory". than i got 
this entry in my log.

05.22.2007 04:46:53 EDT <kern.notice> 172.25.33.140 
<http://172.25.33.140> kernel: audit(1179391601.031:1144058): avc:  
denied   { search } for  pid=19687 comm="snmpd" 
name="content_directory" dev=0:15 ino=14609954 
scontext=system_u:system_r:snmpd_t tcontext=root:object_r:nfs_t 
tclass=dir

This means that SELinux policy will not allow the snmpd daemon to 
search/read nfs file systems.  If you want to allow this permission you 
can add it using

audit2allow -M mysnmpd -i /var/log/audit/audit.log

on the parent dir the selinux policy is this

[root@INP-AS-11 /]# ls -Z 
/usr/local/PServer41SP2/server/nodes/momentum/archives/public_html/
drwxrwxrwx  supportp supportp user_u:object_r:usr_t            admin
drwxrwxrwx  supportp supportp user_u:object_r:usr_t            cliks
drwxrwxrwx  root     root                                      
cliksdmrroot
-rw-rw-r--  supportp supportp user_u:object_r:usr_t            cliks.tgz
drwxrwxrwx  supportp supportp user_u:object_r:usr_t            css
-rwxrwxrwx  supportp supportp user_u:object_r:usr_t            index.jsp
drwxrwxrwx  supportp supportp user_u:object_r:usr_t            
pramati_admin_help
drwxrwxrwx  supportp supportp user_u:object_r:usr_t            WEB-INF

[root@INP-AS-11 /]# ls -Z 
/usr/local/PServer41SP2/server/nodes/momentum/archives/public_html/cliksdmrroot/
drwxrwxrwx  nfsnobod nfsnobod                                  
content_directory
drwxrwxrwx  nfsnobod nfsnobod                                  
dfxmldirectory
drwxrwxrwx  nfsnobod nfsnobod                                  dmrnormal
drwxrwxrwx  nfsnobod nfsnobod                                  exportarea
drwxrwxrwx  nfsnobod nfsnobod                                  
kmexportarea
drwxrwxrwx  nfsnobod nfsnobod                                  kmnwpath
drwxrwxrwx  nfsnobod nfsnobod                                  
kmtemprepository
drwxrwxrwx  nfsnobod nfsnobod                                  
kmxmlrepository
drwxrwxrwx  nfsnobod nfsnobod                                  
lmsdirectory
-rwxrwxrwx  nfsnobod nfsnobod                                  
log4j.properties
drwxrwxrwx  nfsnobod nfsnobod                                  
tedirectory
drwxrwxrwx  nfsnobod nfsnobod                                  umdirectory
drwxrwxrwx  nfsnobod nfsnobod                                  WEB-INF
drwxrwxrwx  nfsnobod nfsnobod                                  
wsdirectory

With Thanks,
Dinesh 
------------------------------------------------------------------------

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list