Hello,

I have an Enterprise Linux 6 machine, managed by Puppet, enforcing the
target policy, for which Puppet manages a bunch of contexts and
policies, but the following message occurs when it attempts to do so:

type=AVC msg=audit(1330511088.080:1757): avc: denied { write } for
pid=9222 comm="semanage" path="/tmp/puppet20120229-8297-bjmcbp-0"
dev=dm-0 ino=1572875
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

The following is a reference to what Puppet is trying to do:

http://git.puppetmanaged.org/?p=mail;a=blob;f=manifests/init.pp;h=2b25c58d1ee68c9391344e8ebebe5493a2bbeb11;hb=fc1a6a3814e01d6b521472b26fce6f35273c1e49#l98

In short, I'm installing custom built mailman packages so that I can
have devel@project1 alongside devel@project2 mailing lists by installing
dedicated mailman instances for project1 and project2. The Puppet module
I'm referring to attempts to apply the necessary SELinux contexts to the
files deployed with each RPM package.

I'm wondering what is causing the denial (or, why semanage needs
something in /tmp/ with the name of puppet in it) as well as what to do
about it - it doesn't seem to be blocking Puppet from achieving the goal
of adding new file_contexts for these custom packages.

Kind regards,

Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
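
Added example, not part of the original message: a small parser that breaks the AVC record quoted above into its source domain, target type, object class and denied permission, so the denial can be read field by field. The function names (parse_avc, split_context, summarize) are hypothetical, and RECORD is the message's own log text with the mail line wraps joined.

```python
import re
from datetime import datetime, timezone

# The denial from the message above, with the mail client's line wraps joined.
RECORD = (
    'type=AVC msg=audit(1330511088.080:1757): avc: denied { write } for '
    'pid=9222 comm="semanage" path="/tmp/puppet20120229-8297-bjmcbp-0" '
    'dev=dm-0 ino=1572875 '
    'scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file'
)

HEADER = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$'
)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value may be quoted

def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain ':'."""
    user, role, type_, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'level': level[0] if level else None}

def parse_avc(line):
    """Parse one AVC audit record into a dict; raise ValueError if malformed."""
    m = HEADER.match(' '.join(line.split()))  # normalise wrapped whitespace
    if not m:
        raise ValueError('not an AVC record')
    fields = {k: v.strip('"') for k, v in FIELD.findall(m['rest'])}
    missing = {'scontext', 'tcontext', 'tclass'} - fields.keys()
    if missing:
        raise ValueError('missing fields: %s' % sorted(missing))
    return {
        'time': datetime.fromtimestamp(int(m['epoch']), tz=timezone.utc),
        'serial': int(m['serial']), 'result': m['result'],
        'perms': m['perms'].split(),
        'source': split_context(fields.pop('scontext')),
        'target': split_context(fields.pop('tcontext')),
        'tclass': fields.pop('tclass'), 'fields': fields,
    }

def summarize(rec):
    """One-line reading: which domain was refused what on which type."""
    return '%s %s { %s } on %s:%s (%s)' % (
        rec['source']['type'], rec['result'], ' '.join(rec['perms']),
        rec['target']['type'], rec['tclass'], rec['fields'].get('path', '?'))
```

Calling summarize(parse_avc(RECORD)) reduces the record to the process domain, the permission, and the file type and path involved.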