[CentOS] CentOS 5 + Quagga + SELinux

Wed Mar 5 00:56:13 UTC 2014
SilverTip257 <silvertip257 at gmail.com>

Hello All,

Does anyone happen to be running Quagga on CentOS 5 with SELinux in
enforcing mode?
Have you had to create SELinux policies or did it "just work" out of the
box?

(I'll get around to building this out on CentOS 6 as well.)

I'm simply trying to write my config (for the zebra daemon) and it can't be
written...


Looks like this bug from Fedora 8 in 2008 [0] remains (or one similar to it
spawned).
And the problem was present in 2010 per the CentOS forums [1].

I'm not opposed to creating SELinux policies and I may do just that (or run
around in Permissive mode!).  But it'd be awesome if upstream included
policies for quagga since quagga is software they package.

Maybe Dan Walsh will hop in on this. ;-)

[0] https://bugzilla.redhat.com/show_bug.cgi?id=429252
[1] https://www.centos.org/forums/viewtopic.php?t=21040


type=AVC msg=audit(1393980136.848:15): avc:  denied  { add_name } for  pid=2646 comm="zebra" name="zebra.conf.CxNsyz" scontext=root:system_r:zebra_t:s0 tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir
type=SYSCALL msg=audit(1393980136.848:15): arch=40000003 syscall=5 success=no exit=-13 a0=8512960 a1=c2 a2=180 a3=1e6a6 items=0 ppid=1 pid=2646 auid=0 uid=92 gid=92 euid=92 suid=92 fsuid=92 egid=92 sgid=92 fsgid=92 tty=(none) ses=1 comm="zebra" exe="/usr/sbin/zebra" subj=root:system_r:zebra_t:s0 key=(null)

~]# ls -Z /etc/quagga/
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   bgpd.conf.sample
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   bgpd.conf.sample2
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   ospf6d.conf.sample
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   ospfd.conf.sample
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   ripd.conf.sample
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   ripngd.conf.sample
-rw-r-----  quagga quaggavt root:object_r:zebra_conf_t       vtysh.conf
-rwxr-x---  quagga quaggavt system_u:object_r:zebra_conf_t   vtysh.conf.sample
-rw-------  quagga quagga   root:object_r:zebra_conf_t       zebra.conf
-rw-r--r--  root   root     system_u:object_r:zebra_conf_t   zebra.conf.sample
-rw-r-----  quagga quaggavt root:object_r:zebra_conf_t       zebra.conf.sav


-- 
---~~.~~---
Mike
//  SilverTip257  //