Re: VASD policy

Vadym Chepkov <vchepkov@xxxxxxxxx> · Tue, 23 Jul 2013 10:43:41 -0400

On Mon, Jul 22, 2013 at 2:17 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

What kind of problems are you having with it?

It doesn't work with SELinux in enforcing mode.

# ausearch -m avc -ts recent
----
time->Tue Jul 23 10:41:47 2013
type=SYSCALL msg=audit(1374590507.830:3207): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7fff1e6b5530 a2=6e a3=7fff1e6b5280 items=0 ppid=1208 pid=29329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1374590507.830:3207): avc:  denied  { connectto } for  pid=29329 comm="sshd" path="/var/opt/quest/vas/vasd/.vasd40_ipc_sock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
----
time->Tue Jul 23 10:41:51 2013
type=SYSCALL msg=audit(1374590511.523:3217): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7fff1e6b5530 a2=6e a3=2 items=0 ppid=1208 pid=29329 auid=40481 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=471 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1374590511.523:3217): avc:  denied  { connectto } for  pid=29329 comm="sshd" path="/var/opt/quest/vas/vasd/.vasd40_ipc_sock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
----
time->Tue Jul 23 10:41:51 2013
type=SYSCALL msg=audit(1374590511.400:3209): arch=c000003e syscall=2 success=yes exit=7 a0=7f085f9b3470 a1=241 a2=1b6 a3=0 items=0 ppid=1208 pid=29329 auid=4294967295 uid=0 gid=0 euid=40481 suid=0 fsuid=40481 egid=4105 sgid=0 fsgid=4105 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1374590511.400:3209): avc:  denied  { write } for  pid=29329 comm="sshd" name=".vas_logon_server" dev=dm-3 ino=16 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux