SCIENTIFIC-LINUX-USERS Archives

July 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Robin Long <[log in to unmask]>
Reply To: Robin Long <[log in to unmask]>
Date: Wed, 23 Jul 2014 10:37:51 +0100
Content-Type: text/plain
Parts/Attachments: text/plain (75 lines)

Hi Eero and Elias,

So setting it to cert_t worked, as did:
semanage fcontext -a -t etc_t "/etc/grid-security(/.*)?"
I chose etc_t as, when I did an ls -Z, the certificates folder had this to 
begin with and was happy, whereas the hostkeys and certs had admin_home.

The output of audit2why is here, I do not understand it at all.

# tail /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1406108140.477:6317): avc:  denied  { search } for  
pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 
ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 
tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir

     Was caused by:
         Missing type enforcement (TE) allow rule.

         You can use audit2allow to generate a loadable module to allow 
this access.

type=AVC msg=audit(1406108140.479:6318): avc:  denied  { search } for  
pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 
ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 
tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir

     Was caused by:
         Missing type enforcement (TE) allow rule.

         You can use audit2allow to generate a loadable module to allow 
this access.


I would like to understand SELinux and how to audit the problems, but I 
have not found a good entry-level guide.  Usually the problems I have 
are simple, such as ssh-key permissions or httpd problems; Google has 
always had a solution, I just do not know how to get to these solutions 
myself.

Regards,
Robin.


On 23/07/14 10:18, Elias Persson wrote:
> On 2014-07-23 10:43, Robin Long wrote:
>> Hi Eero,
>>
>> Thanks for the advice.  That command does not seem to work; it changes
>> the context from:
>>
>> drwxr-x---. root root unconfined_u:object_r:etc_t:s0 certificates
>> -rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 hostcert.pem
>> -rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 hostkey.pem
>>
>> to
>>
>> drwxr-x---. root root unconfined_u:object_r:syslog_conf_t:s0 
>> certificates
>> -rw-r-----. root root unconfined_u:object_r:syslog_conf_t:s0 
>> hostcert.pem
>> -rw-r-----. root root unconfined_u:object_r:syslog_conf_t:s0 hostkey.pem
>>
>> but then results in the error:
>> could not load module '/lib64/rsyslog/lmnsd_gtls.so', rsyslog error 
>> -2078
>>
>> which usually translates as "cannot read your CA file".
>>
>
> What do you get from:
>
>   tail /var/log/audit/audit.log | audit2why
>
> (shortly after getting that error).
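
As an added example (not code from this thread), a small POSIX sh helper that turns an AVC record like the ones quoted above into a one-line "who was denied what, on which object, under which label" summary, decoding the hex-encoded comm= field that audit2why leaves opaque, followed by the persistent relabel from the message. The function names and the SAMPLE record are constructed for illustration; semanage, restorecon and ls -Z are the real commands.

```shell
# Added example, not code from the thread: summarise an AVC record like the one
# quoted above (who was denied what, on which object, under which label), then
# the persistent relabel from the message. SAMPLE is a constructed copy of the
# first record above, joined back onto one line as it appears in audit.log.

# auditd hex-encodes text fields that contain spaces; decode via octal escapes
# (hex pair -> \0ooo -> printf %b) so this works in plain sh, not only bash.
hex_to_ascii() {
    hex=$1 out=""
    while [ ${#hex} -ge 2 ]; do
        pair=${hex%"${hex#??}"}
        hex=${hex#??}
        out="$out\\0$(printf '%o' "$((0x$pair))")"
    done
    printf '%b' "$out"
}
# Pull one key=value field out of a record (the value runs to the next space).
avc_field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}
# Text fields are "quoted" when plain and bare hex otherwise; normalise both.
avc_text() {
    v=$(avc_field "$1" "$2")
    case $v in
        \"*\") v=${v#\"}; v=${v%\"} ;;
        ?*)    v=$(hex_to_ascii "$v") ;;
    esac
    printf '%s' "$v"
}
# One line: source domain (process name), permission, class, object, target type.
avc_summary() {
    perm=$(printf '%s\n' "$1" | sed -n 's/.*denied *{ \(.*\) }.*/\1/p')
    src=$(avc_field scontext "$1" | cut -d: -f3)
    tgt=$(avc_field tcontext "$1" | cut -d: -f3)
    printf '%s (%s) denied %s on %s "%s" labelled %s\n' "$src" \
        "$(avc_text comm "$1")" "$perm" "$(avc_field tclass "$1")" \
        "$(avc_text name "$1")" "$tgt"
}
# The persistent fix from the message: record the label in policy first, then
# apply it with restorecon, so a later relabel does not undo a one-off chcon.
fix_grid_security_label() {
    semanage fcontext -a -t etc_t "/etc/grid-security(/.*)?" &&
    restorecon -Rv /etc/grid-security && ls -Z /etc/grid-security
}

SAMPLE='type=AVC msg=audit(1406108140.477:6317): avc:  denied  { search } for  pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir'
avc_summary "$SAMPLE"
```

Run against `tail /var/log/audit/audit.log` in a `while read` loop to get one summary per denial; the decoded comm shows the rsyslog worker thread, not a process name, which is why it looks like gibberish in the raw log.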
