On Fri, 25 Sep 2009 18:38:20 +0200
Dominick Grift <domg472@xxxxxxxxx> wrote:

> On Fri, Sep 25, 2009 at 03:35:52PM +0000, tarnait wrote:
> > type=AVC msg=audit(1253870574.325:17): avc: denied { search }
> > for pid=921 comm="pppd" name="root" dev=sda1 ino=12
> > scontext=system_u:system_r:pppd_t:s0
> > tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
> > Was caused by: Missing type enforcement (TE) allow rule.
> >
> > You can use audit2allow to generate a loadable
> > module to allow this access.
> >
>
> This also *may* be a labelling issue. pppd wants to search /root
> dir. /root dir has type unconfined_home_dir_t. See if this is
> correct:
>
> matchpathcon /root
> restorecon -R /root
>
> /root usually has type admin_home_t and I do not see any good reason
> why pppd should be able to search it. misconfiguration/misusage maybe?

pppd looks for ~/.ppprc, so if you're using it as root (e.g. to connect
to your ISP) you're going to see this. Haven't found any way of turning
it off either.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
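
Added example, not part of the original thread: a small parser for the AVC record quoted above that separates the two explanations discussed (a missing TE allow rule versus a mislabelled directory). The function names are hypothetical, and the expected context passed to `triage` is an assumption standing in for whatever `matchpathcon /root` prints on the system in question.

```python
import re

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE = ('type=AVC msg=audit(1253870574.325:17): avc: denied { search } '
          'for pid=921 comm="pppd" name="root" dev=sda1 ino=12 '
          'scontext=system_u:system_r:pppd_t:s0 '
          'tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the fields in one AVC audit record, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, value in KV_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    return rec


def context_type(context):
    """Type field of user:role:type[:level]; the level may contain colons."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]


def triage(rec, expected_context):
    """Compare the denied object's type with the policy default for its path.

    expected_context is the context matchpathcon reported for the path; it is
    supplied by the caller (assumption) and no command is run here.
    """
    source = context_type(rec["scontext"])
    actual = context_type(rec["tcontext"])
    expected = context_type(expected_context)
    if actual != expected:
        return ("labelling: object is %s, policy default is %s; "
                "restorecon applies" % (actual, expected))
    return "policy: %s has no allow rule for { %s } on %s:%s" % (
        source, " ".join(rec["perms"]), actual, rec["tclass"])
```

If the types match after relabelling and the denial persists, the result falls into the "policy" branch, which is the case Paul describes for pppd looking up ~/.ppprc as root.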