Date: Sat, 22 Feb 2014 10:28:40 -0700
Hi All,
Is anyone else having problems starting arpwatch with SL6.5--while it
worked fine with SL6.4? (arpwatch-2.1a15-14.el6.x86_64)
All packages are up to date and SELINUX is set to enforcing: the
arpwatch rc init script is failing with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# service arpwatch start
Starting arpwatch: arpwatch: lookup_device: Can't open netlink socket
13:Permission denied
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and the following is being logged in /var/log/audit/audit.log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
type=SYSCALL msg=audit(1392643622.271:62714): arch=c000003e syscall=54
success=yes exit=0 a0=0 a1=107 a2=1 a3=7fff757aa000 items=0 ppid=1
pid=15377 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=5 comm="arpwatch" exe="/usr/sbin/arpwatch"
subj=unconfined_u:system_r:arpwatch_t:s0 key=(null)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The setroubleshoot details show:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SELinux is preventing /usr/sbin/arpwatch from create access on the
netlink_socket .
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that arpwatch should be allowed create access on the
netlink_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep arpwatch /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context unconfined_u:system_r:arpwatch_t:s0
Target Context unconfined_u:system_r:arpwatch_t:s0
Target Objects [ netlink_socket ]
Source arpwatch
Source Path /usr/sbin/arpwatch
Port <Unknown>
Host xuxa
Source RPM Packages arpwatch-2.1a15-14.el6.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.7.19-231.el6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name xuxa
Platform Linux xuxa 2.6.32-431.5.1.el6.x86_64 #1 SMP Tue Feb 11 13:30:01 CST 2014 x86_64 x86_64
Alert Count 8
First Seen Sat 22 Feb 2014 05:11:01 MST
Last Seen Sat 22 Feb 2014 09:51:20 MST
Local ID f6f79ef8-ccb6-4b22-a6af-89f25435fead
Raw Audit Messages
type=AVC msg=audit(1393087880.238:1100): avc: denied { create } for
pid=29377 comm="arpwatch" scontext=unconfined_u:system_r:arpwatch_t:s0
tcontext=unconfined_u:system_r:arpwatch_t:s0 tclass=netlink_socket
type=SYSCALL msg=audit(1393087880.238:1100): arch=x86_64 syscall=socket
success=no exit=EACCES a0=10 a1=3 a2=c a3=4 items=0 ppid=29376 pid=29377
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts4
ses=7 comm=arpwatch exe=/usr/sbin/arpwatch
subj=unconfined_u:system_r:arpwatch_t:s0 key=(null)
Hash: arpwatch,arpwatch_t,arpwatch_t,netlink_socket,create
audit2allow
#============= arpwatch_t ==============
allow arpwatch_t self:netlink_socket create;
audit2allow -R
#============= arpwatch_t ==============
allow arpwatch_t self:netlink_socket create;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've tried generating a local policy for this using audit2allow but it
is failing with the following, and the intermediate
'my-arpwatch-pol.pp.te' file consists of just the module declaration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# grep arpwatch /var/log/audit/audit.log | audit2allow -M my-arpwatch-pol.pp
compilation failed:
my-arpwatch-pol.pp.te:6:ERROR 'syntax error' at token '' on line 6:
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/bin/checkmodule: loading policy configuration from my-arpwatch-pol.pp.te
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've done several internet searches on this and the matching audit
failures all seem to point to a problem with the selinux-policy--and
that it was 'fixed' several releases ago. These packages look like they're
up to date to me:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# rpm -qa | grep selinux-policy
selinux-policy-3.7.19-231.el6.noarch
selinux-policy-targeted-3.7.19-231.el6.noarch
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not having arpwatch running isn't a big deal, but it's become really
annoying to me that I can't seem to fix it. Has anyone got this to work
and what did you do--or is this problem just on my systems?
Thank you and my best regards,
==> dave
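Added illustration, not part of Dave's post and not code from the arpwatch or SELinux projects: a small Python reproduction of the step audit2allow performs on the AVC record quoted above, so that the rule a local module would grant can be read and judged before `semodule -i` loads it. The two audit records from the post are embedded as constructed sample input; the SYSCALL record (which describes the call, not the denial) is deliberately included to show that it is skipped. The parser is a simplification that handles only `avc: denied` records of the form shown. One related detail worth knowing: `audit2allow -M` takes a bare module name and writes NAME.te and NAME.pp itself, so the name passed to it should carry no extension.

```python
import re
from collections import defaultdict

# Constructed sample: the SYSCALL and AVC records quoted in the post,
# each on a single line as they appear in /var/log/audit/audit.log.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1392643622.271:62714): arch=c000003e syscall=54 success=yes exit=0 a0=0 a1=107 a2=1 a3=7fff757aa000 items=0 ppid=1 pid=15377 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="arpwatch" exe="/usr/sbin/arpwatch" subj=unconfined_u:system_r:arpwatch_t:s0 key=(null)
type=AVC msg=audit(1393087880.238:1100): avc: denied { create } for pid=29377 comm="arpwatch" scontext=unconfined_u:system_r:arpwatch_t:s0 tcontext=unconfined_u:system_r:arpwatch_t:s0 tclass=netlink_socket
"""

# Matches only AVC denial records; everything after "for" is a key=value list.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc_denials(log_text):
    """Return one dict per 'avc: denied' record; other record types are ignored."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m:
            continue  # SYSCALL, PATH, CWD ... carry no denial information
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
        # A context is user:role:type:level; the type is what policy rules name.
        denials.append({
            'perms': m.group('perms').split(),
            'comm': fields.get('comm'),
            'stype': fields['scontext'].split(':')[2],
            'ttype': fields['tcontext'].split(':')[2],
            'tclass': fields['tclass'],
        })
    return denials


def build_allow_rules(denials):
    """Collapse denials into {(source_type, target, class): sorted perms}.

    The target is written as 'self' when source and target types are equal,
    which is the case for the netlink_socket denial in the post."""
    rules = defaultdict(set)
    for d in denials:
        target = 'self' if d['stype'] == d['ttype'] else d['ttype']
        rules[(d['stype'], target, d['tclass'])].update(d['perms'])
    return {k: sorted(v) for k, v in rules.items()}


def _perm_set(perms):
    """Render a permission list the way a .te file expects it."""
    return perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'


def format_te_module(name, rules, version='1.0'):
    """Render Type Enforcement source: module header, require block, allow rules."""
    types, classes = set(), defaultdict(set)
    for (stype, target, tclass), perms in rules.items():
        types.add(stype)
        if target != 'self':
            types.add(target)
        classes[tclass].update(perms)
    lines = [f'module {name} {version};', '', 'require {']
    lines += [f'\ttype {t};' for t in sorted(types)]
    lines += [f'\tclass {c} {_perm_set(sorted(p))};' for c, p in sorted(classes.items())]
    lines += ['}', '']
    for (stype, target, tclass), perms in sorted(rules.items()):
        lines.append(f'allow {stype} {target}:{tclass} {_perm_set(perms)};')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    # Hypothetical module name; the .te text is what a reviewer should read
    # before turning it into a .pp and loading it.
    rules = build_allow_rules(parse_avc_denials(SAMPLE_AUDIT_LOG))
    print(format_te_module('my-arpwatch-pol', rules))
```

For the two records above the output contains a single rule, `allow arpwatch_t self:netlink_socket create;`, which is exactly what the setroubleshoot report lists under `audit2allow`. Reading the generated source this way, rather than piping straight into `semodule -i`, is the cheap check that a local module grants only the one access that was actually denied.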