KS-Soft

Posted: **Tue Sep 16, 2014 2:04 am**

Hello,

I have couple of rma agents installed in my CentOS 6.5 hosts with Selinux enabled. These rma-agent is installed as requested by third party service provider.
Once in while rma-agent would stop working/not contactable by remote manager (?) and shifting through Selinux log i would find AVC errors such as these:

Code: Select all

type=AVC msg=audit(1410854252.845:124562): avc:  denied  { write } for  pid=5832 comm="ping" path="/var/run/rma.pid" dev=dm-0 ino=1835104 scontext=unconfined_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:initrc_var_run_t:s0 tclass=file

Short of writing my own custom TE, is there a pre-made selinux policy file for rma-agent on linux?

Thank you for any reply.

Regards,
Arashidi

Code: Select all

Posted: **Wed Sep 17, 2014 8:46 am**

Yesterday we tested RMA on CentOS using Permissive and Enforcing Selinux modes but we cannot reproduce such errors in the log.
What kind of tests and actions performed by this agent?

Short of writing my own custom TE, is there a pre-made selinux policy file for rma-agent on linux?

No, and we never tried to make such file, will need to read manuals...

Regards
Alex

Posted: **Wed Sep 17, 2014 5:41 pm**

Hi Alex,
Thanks for replying.
There are some kind of a set of tests it runs and being polled remotely and periodically. To be honest, this agent is installed into my systems on the request of a 3rd party vendor for a service we subscribe and frankly i don't have much detail what it does.

No, and we never tried to make such file, will need to read manuals...

I was afraid you're going to say that. The vendor I'm working with has shown no real amount of interest to look into this avc or perhaps looking into this at a more leisurely pace.

I suppose I'll have to dig into audit logs and have a run with this. Time to go check up Dan Walsh excellent posts.

KS-Soft

CentOS 6.5 rma-agent selinux avc

CentOS 6.5 rma-agent selinux avc