[CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
admin
admin at coldnorthadmin.com
Sun Oct 26 04:10:23 UTC 2014
I've just recreated the module and enabled it, yet I can't seem to allow
fping to be used by the httpd process. It seems that the last error was
just a byproduct of a bad module I had not properly removed. Are there
any additional troubleshooting steps I could try?
What I've done so far :
1) grep fping /var/log/audit/audit.log | audit2allow -M observium_fping
2) semodule -i observium_fping.pp
3) semodule -l | grep fping
**
fping 1.0
observium_fping 1.0
**
4) cat /var/log/audit/audit.log | grep fping
type=AVC msg=audit(1414295291.964:357): avc: denied { create } for
pid=5283 comm="fping" scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:system_r:httpd_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414295291.964:357): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=1 a3=7fff871b1790 items=0 ppid=5282
pid=5283 auid=500 uid=48 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48
fsgid=48 tty=(none) ses=1 comm="fping" exe="/usr/sbin/fping"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
On 10/25/2014 8:30 PM, Greg Lindahl wrote:
> On Sat, Oct 25, 2014 at 04:22:38PM -0400, admin wrote:
>
>> #!!!! This avc is allowed in the current policy
>> allow httpd_t self:capability net_raw;
>> allow httpd_t self:rawip_socket create;
> This confusing output means that the first "allow" line is in the
> current policy, and the second is not.
>
> -- greg
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
More information about the CentOS
mailing list