KS-Soft. Network Management Solutions

CentOS 6.5 rma-agent selinux avc

 
arashidi



Joined: 16 Sep 2014
Posts: 2

Posted: Tue Sep 16, 2014 2:04 am    Post subject: CentOS 6.5 rma-agent selinux avc

Hello,

I have a couple of rma agents installed on my CentOS 6.5 hosts with SELinux enabled. These rma-agents are installed as requested by a third-party service provider.
Once in a while rma-agent would stop working/not be contactable by the remote manager (?), and sifting through the SELinux log I would find AVC errors such as these:

Code:
type=AVC msg=audit(1410854252.845:124562): avc:  denied  { write } for  pid=5832 comm="ping" path="/var/run/rma.pid" dev=dm-0 ino=1835104 scontext=unconfined_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:initrc_var_run_t:s0 tclass=file


Short of writing my own custom TE, is there a pre-made SELinux policy file for rma-agent on Linux?

Thank you for any reply.

Regards,
Arashidi
KS-Soft



Joined: 03 Apr 2002
Posts: 11782
Location: USA

Posted: Wed Sep 17, 2014 8:46 am

Yesterday we tested RMA on CentOS using Permissive and Enforcing SELinux modes, but we cannot reproduce such errors in the log.
What kind of tests and actions are performed by this agent?

Quote:
Short of writing my own custom TE, is there a pre-made selinux policy file for rma-agent on linux?

No, and we never tried to make such a file, will need to read manuals...

Regards
Alex
arashidi



Joined: 16 Sep 2014
Posts: 2

Posted: Wed Sep 17, 2014 5:41 pm

Hi Alex,
Thanks for replying.
There is some kind of set of tests it runs, and it is polled remotely and periodically. To be honest, this agent is installed on my systems at the request of a 3rd party vendor for a service we subscribe to, and frankly I don't have much detail on what it does.

Quote:
No, and we never tried to make such a file, will need to read manuals...


I was afraid you were going to say that. The vendor I'm working with has shown no real interest in looking into this AVC, or perhaps is looking into it at a more leisurely pace.

I suppose I'll have to dig into the audit logs and have a run at this. Time to go check out Dan Walsh's excellent posts.
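
As an added example (not code from KS-Soft or from either poster): a small Python parser for the AVC record format quoted in the first post. It groups denials by source type, target type and object class, and renders each group as a candidate type-enforcement allow rule for review. The sample line is the one from the thread; the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# The AVC record quoted in the first post of this thread.
SAMPLE_LOG = (
    'type=AVC msg=audit(1410854252.845:124562): avc:  denied  { write } for  '
    'pid=5832 comm="ping" path="/var/run/rma.pid" dev=dm-0 ino=1835104 '
    'scontext=unconfined_u:system_r:ping_t:s0 '
    'tcontext=unconfined_u:object_r:initrc_var_run_t:s0 tclass=file\n'
)
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+)\.\d+:\d+\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['time'] = datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc)
    # A context is user:role:type:level; policy rules name the type (third field).
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'comm': set(), 'path': set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        g = groups[(rec['source_type'], rec['target_type'], rec['tclass'])]
        g['perms'].update(rec['perms'])
        g['comm'].add(rec.get('comm', '?'))
        g['path'].add(rec.get('path', rec.get('name', '?')))
    return dict(groups)

def candidate_rules(groups):
    """Render each group as a type-enforcement allow rule, for review only."""
    return ['allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(g['perms'])))
            for (s, t, c), g in sorted(groups.items())]

if __name__ == '__main__':
    print('\n'.join(candidate_rules(summarize(SAMPLE_LOG))))
```

Grouping first shows which process and path produced each denial, so a rule can be judged against what the agent is expected to do before anything is loaded into policy.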