Subject: | |
From: | |
Reply To: | |
Date: | Tue, 1 Feb 2011 15:34:29 -0800 |
Content-Type: | multipart/signed |
Parts/Attachments: |
|
|
Is selinux on a default install of SL6 Beta 1 supposed to prevent ypbind from working?
I'm getting this error in the audit.log
type=USER_AVC msg=audit(1296601650.114:34350): user pid=2262 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=4805 tpid=3995 scontext=unconfined_u:system_r:ypbind_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dbus : exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
When run through audit2allow, umm... damn, not found.. Hmm... Yeah, policycoreutils is installed.. wtf?
<begin rant>
audit2allow was moved from policycoreutils to policycoreutils-python. Has it become a game at TUV to see how many separate packages can be built from one src.rpm?
<end rant>
Sorry, distracted for a moment..
Anyway, after installing pcu-python for audit2allow, I get:
module ypbind 1.0;
require {
type unconfined_t;
type ypbind_t;
class dbus send_msg;
}
#============= ypbind_t ==============
allow ypbind_t unconfined_t:dbus send_msg;
which looks reasonable, but I'm not an selinux guru.
--
Don Krause
Head Systems Geek,
Waver of Deceased Chickens.
Optivus Proton Therapy, Inc.
P.O. Box 608
Loma Linda, California 92354
909.799.8327 Tel
909.799.8366 Fax
[log in to unmask]
www.optivus.com
"This message represents the official view of the voices in my head."
|
|
|