arashidi
Joined: 16 Sep 2014 Posts: 2
Posted: Tue Sep 16, 2014 2:04 am Post subject: CentOS 6.5 rma-agent selinux avc
Hello,
I have a couple of rma agents installed on my CentOS 6.5 hosts with SELinux enabled. These rma-agents were installed as requested by a third-party service provider.
Once in a while rma-agent would stop working/not be contactable by the remote manager (?), and sifting through the SELinux log I would find AVC errors such as these:
Code:
type=AVC msg=audit(1410854252.845:124562): avc: denied { write } for pid=5832 comm="ping" path="/var/run/rma.pid" dev=dm-0 ino=1835104 scontext=unconfined_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:initrc_var_run_t:s0 tclass=file
Short of writing my own custom TE, is there a pre-made selinux policy file for rma-agent on linux?
Thank you for any reply.
Regards,
Arashidi
KS-Soft
Joined: 03 Apr 2002 Posts: 12815 Location: USA
Posted: Wed Sep 17, 2014 8:46 am
Yesterday we tested RMA on CentOS using Permissive and Enforcing SELinux modes, but we cannot reproduce such errors in the log.
What kind of tests and actions are performed by this agent?
Quote:
Short of writing my own custom TE, is there a pre-made selinux policy file for rma-agent on linux?
No, and we never tried to make such a file, will need to read manuals...
Regards
Alex
arashidi
Joined: 16 Sep 2014 Posts: 2
Posted: Wed Sep 17, 2014 5:41 pm
Hi Alex,
Thanks for replying.
There is some kind of set of tests that it runs, and it is polled remotely and periodically. To be honest, this agent is installed on my systems at the request of a 3rd party vendor for a service we subscribe to, and frankly I don't have much detail on what it does.
Quote:
No, and we never tried to make such file, will need to read manuals...
I was afraid you were going to say that. The vendor I'm working with has shown no real interest in looking into this AVC, or is perhaps looking into it at a more leisurely pace.
I suppose I'll have to dig into audit logs and have a run with this. Time to go check out Dan Walsh's excellent posts.
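
Added example, not part of any post in this thread and not KS-Soft code: a small Python parser for the AVC record quoted in the first post. It groups denials by source type, target type and class, and returns the type-enforcement allow rule each group corresponds to, in the form audit2allow writes. The function names are hypothetical.

```python
import re

# AVC record quoted in the first post of this thread.
SAMPLE = (
    'type=AVC msg=audit(1410854252.845:124562): avc: denied { write } for '
    'pid=5832 comm="ping" path="/var/run/rma.pid" dev=dm-0 ino=1835104 '
    'scontext=unconfined_u:system_r:ping_t:s0 '
    'tcontext=unconfined_u:object_r:initrc_var_run_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if not an AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields['result'] = m.group(1)
    fields['perms'] = m.group(2).split()
    return fields


def context_type(context):
    """The type is the third field of user:role:type[:level]."""
    return context.split(':')[2]


def candidate_rules(lines):
    """Merge denials by (source type, target type, class) into allow rules."""
    merged = {}
    for line in lines:
        avc = parse_avc(line)
        if avc is None or avc['result'] != 'denied':
            continue
        if not {'scontext', 'tcontext', 'tclass'} <= avc.keys():
            continue  # truncated record: nothing safe to derive
        key = (context_type(avc['scontext']),
               context_type(avc['tcontext']), avc['tclass'])
        merged.setdefault(key, set()).update(avc['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {text};')
    return rules


if __name__ == '__main__':
    print('\n'.join(candidate_rules([SAMPLE])))
```

The output is a rule to review, not to load as is: the denied source here is ping_t, the domain of the ping command, rather than a domain belonging to the agent.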