Re: Need some help with a new policy module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 10 Sep 2008 19:47:22 -0400
Fred Wittekind <rom@xxxxxxxxxxxxxxxxxx> wrote:

> I'm trying to write a new policy for PvPGN.
> 
> When I try to start the service via the init script I get:
> Starting PvPGN game server: /usr/sbin/bnetd: error while loading
> shared libraries: libm.so.6: cannot open shared object file:
> Permission denied [FAILED]
> 
> And:
> host=twister.dragon type=AVC msg=audit(1221090145.148:30403): avc:  
> denied  { search } for  pid=3526 comm="bnetd" name="usr" dev=dm-0 
> ino=3284993 scontext=unconfined_u:system_r:pvpgn_t:s0 
> tcontext=system_u:object_r:usr_t:s0 tclass=dir
> 
> host=twister.dragon type=SYSCALL msg=audit(1221090145.148:30403): 
> arch=40000003 syscall=195 success=no exit=-13 a0=bfaad190 a1=bfaad1f0 
> a2=ca3fc0 a3=8 items=0 ppid=3525 pid=3526 auid=500 uid=0 gid=0 euid=0 
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=151 comm="bnetd" 
> exe="/usr/sbin/bnetd" subj=unconfined_u:system_r:pvpgn_t:s0 key=(null)

Add to your policy:

libs_use_shared_libs(pvpgn_t)

> Policy RPM                    selinux-policy-3.3.1-84.fc9
> 
> 
> If I run the service from the command line without the init script,
> it works.  I'm sure I'm missing something stuipid, just can't figure
> out what it is.  Can't figure out why it works without the
> initscript, and throws selinux errors when run from the init script.

When you run the service directly from the command line, it doesn't
transition to pvpgn_t, running unconfined instead, hence no SELinux
issues.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux