[CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule

Sun Oct 26 04:10:23 UTC 2014
admin <admin at coldnorthadmin.com>

I've just recreated the module and enabled it, yet I can't seem to allow 
fping to be used by the httpd process. It seems that the last error was 
just a byproduct of a bad module I had not properly removed. Are there 
any additional troubleshooting steps I could try?

What I've done so far :

1) grep fping /var/log/audit/audit.log | audit2allow -M observium_fping
2) semodule -i observium_fping.pp

3) semodule -l | grep fping
**
fping   1.0
observium_fping 1.0
**

4) cat /var/log/audit/audit.log | grep fping

type=AVC msg=audit(1414295291.964:357): avc:  denied  { create } for  
pid=5283 comm="fping" scontext=unconfined_u:system_r:httpd_t:s0 
tcontext=unconfined_u:system_r:httpd_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414295291.964:357): arch=c000003e syscall=41 
success=no exit=-13 a0=2 a1=3 a2=1 a3=7fff871b1790 items=0 ppid=5282 
pid=5283 auid=500 uid=48 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 
fsgid=48 tty=(none) ses=1 comm="fping" exe="/usr/sbin/fping" 
subj=unconfined_u:system_r:httpd_t:s0 key=(null)



On 10/25/2014 8:30 PM, Greg Lindahl wrote:
> On Sat, Oct 25, 2014 at 04:22:38PM -0400, admin wrote:
>
>> #!!!! This avc is allowed in the current policy
>> allow httpd_t self:capability net_raw;
>> allow httpd_t self:rawip_socket create;
> This confusing output means that the first "allow" line is in the
> current policy, and the second is not.
>
> -- greg
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos