On Wed, 10 Sep 2008 19:47:22 -0400
Fred Wittekind <rom@xxxxxxxxxxxxxxxxxx> wrote:

> I'm trying to write a new policy for PvPGN.
>
> When I try to start the service via the init script I get:
> Starting PvPGN game server: /usr/sbin/bnetd: error while loading
> shared libraries: libm.so.6: cannot open shared object file:
> Permission denied [FAILED]
>
> And:
> host=twister.dragon type=AVC msg=audit(1221090145.148:30403): avc:
> denied { search } for pid=3526 comm="bnetd" name="usr" dev=dm-0
> ino=3284993 scontext=unconfined_u:system_r:pvpgn_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir
>
> host=twister.dragon type=SYSCALL msg=audit(1221090145.148:30403):
> arch=40000003 syscall=195 success=no exit=-13 a0=bfaad190 a1=bfaad1f0
> a2=ca3fc0 a3=8 items=0 ppid=3525 pid=3526 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=151 comm="bnetd"
> exe="/usr/sbin/bnetd" subj=unconfined_u:system_r:pvpgn_t:s0 key=(null)

Add to your policy:

libs_use_shared_libs(pvpgn_t)

> Policy RPM selinux-policy-3.3.1-84.fc9
>
>
> If I run the service from the command line without the init script,
> it works. I'm sure I'm missing something stupid, just can't figure
> out what it is. Can't figure out why it works without the
> initscript, and throws selinux errors when run from the init script.

When you run the service directly from the command line, it doesn't
transition to pvpgn_t, running unconfined instead, hence no SELinux
issues.

Paul.
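
As an added example (not part of the original thread): the Python below parses the two audit records quoted in the post, pairs the AVC denial with the SYSCALL record that shares its audit serial number, and derives the raw allow rule for that denial. The function names are hypothetical, and the reply's advice remains to use the `libs_use_shared_libs(pvpgn_t)` interface rather than a hand-written rule.

```python
import errno
import re

# The two audit records quoted in the post, each rejoined onto one line.
AUDIT_LOG = """\
host=twister.dragon type=AVC msg=audit(1221090145.148:30403): avc: denied { search } for pid=3526 comm="bnetd" name="usr" dev=dm-0 ino=3284993 scontext=unconfined_u:system_r:pvpgn_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
host=twister.dragon type=SYSCALL msg=audit(1221090145.148:30403): arch=40000003 syscall=195 success=no exit=-13 a0=bfaad190 a1=bfaad1f0 a2=ca3fc0 a3=8 items=0 ppid=3525 pid=3526 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=151 comm="bnetd" exe="/usr/sbin/bnetd" subj=unconfined_u:system_r:pvpgn_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
DENIAL = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split key=value pairs, dropping the quotes around string values."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def setype(context):
    """Return the type field of a user:role:type[:range] security context."""
    return context.split(":")[2]

def parse_denials(log):
    """Pair each AVC denial with the SYSCALL record sharing its serial."""
    avcs, syscalls = [], {}
    for line in log.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        rtype, serial = head.groups()
        body = line[head.end():]
        denial = DENIAL.search(body)
        if rtype == "AVC" and denial:
            avcs.append((serial, denial.group(1).split(), fields(denial.group(2))))
        elif rtype == "SYSCALL":
            syscalls[serial] = fields(body)
    results = []
    for serial, perms, avc in avcs:
        sc = syscalls.get(serial, {})  # the SYSCALL record may be absent
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        domain, target = setype(avc["scontext"]), setype(avc["tcontext"])
        results.append({
            "domain": domain, "target": target, "tclass": avc["tclass"],
            "exe": sc.get("exe"), "error": errno.errorcode.get(-int(sc.get("exit", 0))),
            "rule": f"allow {domain} {target}:{avc['tclass']} {perm_text};",
        })
    return results

if __name__ == "__main__":
    print(parse_denials(AUDIT_LOG))
```

The source domain in the derived rule is `pvpgn_t`, which is consistent with the reply: the denial only appears when the init script's launch transitions the process into that domain.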