Old 12-10-2009, 04:28 PM
Bob McConnell
 
Default An error message I don't recognize

I have recently been told I will have to maintain some CentOS servers at
work. Since I have only been using Slackware for the last 16 years, I
decided to install CentOS on one of my servers at home to get an idea of
the differences. I installed CentOS 5.4 from CD with no problems, did a
yum update, set up a couple of samba shares and started to copy over
some files from one of my other servers.

Everything looks ok, but I keep seeing this message on the active
console. I have no idea where it comes from nor what it means.

type=1400 audit(1260446462.444:9): avc: denied { getattr } for pid=2200
comm="smbd" path="/proc/sys/fs/binfmt_misc" dev=binfmt_misc ino=4348
scontext=root:system_r:smbd_t:s0
tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir

What is it, what is triggering it and how do I fix it?

Thanks,

Bob McConnell
N2SPP
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-10-2009, 04:35 PM
Benjamin Franz
 
Default An error message I don't recognize

Bob McConnell wrote:
> [...]
> Everything looks ok, but I keep seeing this message on the active
> console. I have no idea where it comes from nor what it means.
>
> type=1400 audit(1260446462.444:9): avc: denied { getattr } for pid=2200
> comm="smbd" path="/proc/sys/fs/binfmt_misc" dev=binfmt_misc ino=4348
> scontext=root:system_r:smbd_t:s0
> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>
>

It's selinux.

See
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-selinux.html

--
Benjamin Franz


 
Old 12-10-2009, 04:38 PM
 
Default An error message I don't recognize

> I have recently been told I will have to maintain some CentOS servers at
> work. Since I have only been using Slackware for the last 16 years, I
> decided to install CentOS on one of my servers at home to get an idea of
> the differences. I installed CentOS 5.4 from CD with no problems, did a
> yum update, set up a couple of samba shares and started to copy over
> some files from one of my other servers.
>
> Everything looks ok, but I keep seeing this message on the active
> console. I have no idea where it comes from nor what it means.
>
> type=1400 audit(1260446462.444:9): avc: denied { getattr } for pid=2200
> comm="smbd" path="/proc/sys/fs/binfmt_misc" dev=binfmt_misc ino=4348
> scontext=root:system_r:smbd_t:s0
> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>
> What is it, what is triggering it and how do I fix it?
>
selinux.

For your machine at home, you may want to just turn it off; if you really
want to see what might be going on at work, set it to permissive, which
will let it all happen, but gripe.

setenforce 0
turns it off.
Edit /etc/selinux/config to fix it over reboots.

Also look at /var/log/audit/audit.log. It will get the error, and tell you
to run sealert to see what the error's complaining about.

mark

 
Old 12-10-2009, 05:35 PM
Bob McConnell
 
Default An error message I don't recognize

Benjamin Franz wrote:
> Bob McConnell wrote:
>> [...]
>> Everything looks ok, but I keep seeing this message on the active
>> console. I have no idea where it comes from nor what it means.
>>
>> type=1400 audit(1260446462.444:9): avc: denied { getattr } for pid=2200
>> comm="smbd" path="/proc/sys/fs/binfmt_misc" dev=binfmt_misc ino=4348
>> scontext=root:system_r:smbd_t:s0
>> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>>
>>
>
> It's selinux.
>

Thank you for that link. Looks like I have some reading to do. I do know
they have it enabled on the production servers I will be duplicating, so
I'll have to figure out whether we need it on the development and test
servers or not.

I also have a problem with syslogd. I added '-r' to SYSLOGD_OPTIONS in
/etc/rc.d/init.d/syslog, but after a restart it still won't accept
network traffic, and that flag doesn't show up in the command line in
the 'ps ax' dump. What do I have to do to enable traffic into syslogd
from my firewall and other servers?

This machine will be replacing an older Slackware 7 server once I get
the wrinkles worked out.

Thank you,

Bob McConnell
N2SPP
 
Old 12-10-2009, 06:07 PM
Tony Molloy
 
Default An error message I don't recognize

On Thursday 10 December 2009 17:28:45 Bob McConnell wrote:
> I have recently been told I will have to maintain some CentOS servers at
> work. Since I have only been using Slackware for the last 16 years, I
> decided to install CentOS on one of my servers at home to get an idea of
> the differences. I installed CentOS 5.4 from CD with no problems, did a
> yum update, set up a couple of samba shares and started to copy over
> some files from one of my other servers.
>
> Everything looks ok, but I keep seeing this message on the active
> console. I have no idea where it comes from nor what it means.
>
> type=1400 audit(1260446462.444:9): avc: denied { getattr } for pid=2200
> comm="smbd" path="/proc/sys/fs/binfmt_misc" dev=binfmt_misc ino=4348
> scontext=root:system_r:smbd_t:s0
> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>
> What is it, what is triggering it and how do I fix it?
>

It's a selinux denial. Selinux is permissive/enforcing on the system.

# sestatus

will tell you which.

It's got something to do with samba "comm="smbd""
trying to access the file "path="/proc/sys/fs/binfmt_misc"" Don't know why it
would want to do that.

Try this

# sealert -b

This will display all the AVCs graphically. Look for one from smbd. This
will give you the full AVC and possibly suggest a way to fix it.

Tony



> Thanks,
>
> Bob McConnell
> N2SPP
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos



--

Dept. of Comp. Sci.
University of Limerick.
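
The fields picked out of the denial in the reply above (comm, path, the two contexts) can be extracted mechanically. The following is an added example, not part of the thread or of any SELinux tool: a small parser for AVC records, run on the message quoted in the thread with its target context written in the standard system_u:object_r form. The function names are illustrative.

```python
import re
from datetime import datetime, timezone

# The denial quoted in the thread, joined onto one line as the kernel prints it.
SAMPLE = (
    'type=1400 audit(1260446462.444:9): avc: denied { getattr } for pid=2200 '
    'comm="smbd" path="/proc/sys/fs/binfmt_misc" dev=binfmt_misc ino=4348 '
    'scontext=root:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir')

# "type=1400 audit(...)" is the console/syslog form; audit.log itself writes
# "type=AVC msg=audit(...)", so msg= is optional here.
HEADER = re.compile(
    r'type=(?P<type>\S+)\s+(?:msg=)?audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+'
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNTRUSTED = {'comm', 'path', 'name', 'exe'}

def parse_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    parts += [None] * (4 - len(parts))
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = {'result': m['result'], 'perms': m['perms'].split(),
           'serial': int(m['serial']),
           'time': datetime.fromtimestamp(float(m['epoch']), tz=timezone.utc)}
    for key, val in PAIR.findall(m['rest']):
        if val.startswith('"'):
            val = val[1:-1]
        elif key in UNTRUSTED and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', val):
            # the audit subsystem hex-encodes names with spaces or control bytes
            val = bytes.fromhex(val).decode('utf-8', 'replace')
        rec[key] = val
    for key in ('scontext', 'tcontext'):
        if key in rec:
            rec[key] = parse_context(rec[key])
    return rec

def summarize(rec):
    """One line answering 'who was refused what on which object'."""
    return '%s (%s) %s { %s } on %s %s (%s)' % (
        rec['comm'], rec['scontext']['type'], rec['result'],
        ' '.join(rec['perms']), rec['tclass'], rec.get('path', '?'),
        rec['tcontext']['type'])

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```
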
 
Old 12-10-2009, 06:40 PM
Benjamin Franz
 
Default An error message I don't recognize

Bob McConnell wrote:
> I also have a problem with syslogd. I added '-r' to SYSLOGD_OPTIONS in
> /etc/rc.d/init.d/syslog, but after a restart it still won't accept
> network traffic, and that flag doesn't show up in the command line in
> the 'ps ax' dump. What do I have to do to enable traffic into syslogd
> from my firewall and other servers?

You need to edit /etc/sysconfig/syslog

That is a general pattern for CentOS5 - look for options to be set in a
file in the /etc/sysconfig directory.

--
Benjamin Franz

 
Old 12-10-2009, 10:42 PM
Bob McConnell
 
Default An error message I don't recognize

Benjamin Franz wrote:
> Bob McConnell wrote:
>> I also have a problem with syslogd. I added '-r' to SYSLOGD_OPTIONS in
>> /etc/rc.d/init.d/syslog, but after a restart it still won't accept
>> network traffic, and that flag doesn't show up in the command line in
>> the 'ps ax' dump. What do I have to do to enable traffic into syslogd
>> from my firewall and other servers?
>
> You need to edit /etc/sysconfig/syslog
>
> That is a general pattern for CentOS5 - look for options to be set in a
> file in the /etc/sysconfig directory.
>

Thank you, I am now getting log records over the network.

Bob McConnell
N2SPP

 

All times are GMT.