LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

December 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS December 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: ddclient vs selinux
From:	jdow <[log in to unmask]>
Reply To:	jdow <[log in to unmask]>
Date:	Sat, 14 Dec 2013 17:36:15 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (52 lines)

I kinda wondered if somebody here had an idea.

Ah well....
{o.o}

On 2013/12/14 17:11, Nico Kadel-Garcia wrote:
> Submit a bug report to EPEL?
>
> On Sat, Dec 14, 2013 at 7:18 PM, jdow <[log in to unmask]> wrote:
>> For some time now ddclient has not been working quite right. I made some
>> changes that finally brought to light the reason for this.
>>
>> I removed the tweaked ddclient.conf, then yum removed ddclient, yum install
>> ddclient, and finally edited the ddclient.conf file to make it happy.
>>
>> I started getting errors. This sequence is typical:
>> Dec 14 14:40:29 me2 ddclient[5711]: WARNING:  updating xxxx.dyndns.org:
>> nochg: No update required; unnecessary attempts to change to the current
>> address are considered abusive
>> Dec 14 14:40:29 me2 ddclient[5711]: FATAL:    Cannot create file
>> '/var/cache/ddclient/ddclient.cache'. (Permission denied)
>>
>> I figured it's not nice to abuse the kind folks at dyndns so I dug further
>> into it.
>>
>> "setenforce 0" allows it to run properly.
>>
>> So I dug into the audit logs.
>> These two lines do not look right.
>> type=AVC msg=audit(1387064159.179:461956): avc:  denied  { getattr } for
>> pid=6296 comm="ddclient" path="/var/cache/ddclient/ddclient.cache" dev=dm-0
>> ino=2621901 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>> type=SYSCALL msg=audit(1387064159.179:461956): arch=c000003e syscall=4
>> success=yes exit=0 a0=1b234a0 a1=1b02130 a2=1b02130 a3=28 items=0 ppid=6281
>> pid=6296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=(none) ses=10540 comm="ddclient" exe="/usr/bin/perl"
>> subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>>
>> ddclient with a dhcpc_t tag? I note there does not seem to be a ddclient_t
>> or similar tag on the system.
>>
>> The ddclient is from epel. I'd expect it to have a proper selinux setup.
>> I am rash enough to expect that should be handled in the ddclient rpm
>> setup.
>>
>> What do I need to do to get this to work properly with "setenforce 1"
>> restored?
>>
>> {^_^}   Joanne
>

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV