05-05-2010, 07:47 PM
Aleksey Tsalolikhin

pppd does not work if SELinux is turned on.

On Thu, Mar 18, 2010 at 6:05 PM, Aleksey Tsalolikhin
<atsaloli.tech@gmail.com> wrote:
> CentOS release 5.4 (Final)
>
> I run pppd on this system, it accepts dial-in connections, logs people
> in over ssh/sftp.
>
> I had selinux disabled on this system originally, but I recently
> enabled it, and selinux
> is blocking this pppd service.
>
> "audit2allow -M" has generated the following policy based on AVC
> denial messages:
>
>
> module fixdialinserver 1.0;
>
> require {
>     type pppd_t;
>     type shadow_t;
>     type chkpwd_exec_t;
>     class file { read execute };
>     class netlink_audit_socket create;
> }
>
> #============= pppd_t ==============
> allow pppd_t chkpwd_exec_t:file execute;
> allow pppd_t self:netlink_audit_socket create;
> allow pppd_t shadow_t:file read;
>
>
> However, I am unable to load this module due to conflict with another policy:
>
> # semodule -i fixdialinserver.pp
> libsepol.check_assertion_helper: assertion on line 0 violated by allow
> pppd_t shadow_t:file { read };
> libsepol.check_assertions: 1 assertion violations occured
> libsemanage.semanage_expand_sandbox: Expand module failed
> semodule:  Failed!
> #
>
> Is there an seboolean I can tweak to allow me to load this policy?

I used "getsebool -a |grep ppp" to find and enable the following three
selinux booleans:

pppd_can_insmod --> on
pppd_disable_trans --> on
pppd_for_user --> on

However, pppd still does not work and policy still fails to load.

Any suggestions?

Thanks,
Aleksey
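
As an added example (not part of the original post), the Python below parses the audit2allow module and the semodule error quoted above and separates the generated allow rule that the libsepol assertion message names from the rules it does not mention. The function names are illustrative; the module text and error output are copied from the post.

```python
import re

# Module text and semodule output copied from the post above.
MODULE_TE = """\
module fixdialinserver 1.0;

require {
    type pppd_t;
    type shadow_t;
    type chkpwd_exec_t;
    class file { read execute };
    class netlink_audit_socket create;
}

#============= pppd_t ==============
allow pppd_t chkpwd_exec_t:file execute;
allow pppd_t self:netlink_audit_socket create;
allow pppd_t shadow_t:file read;
"""

SEMODULE_OUTPUT = """\
libsepol.check_assertion_helper: assertion on line 0 violated by allow
pppd_t shadow_t:file { read };
libsepol.check_assertions: 1 assertion violations occured
"""

ALLOW_RE = re.compile(r"\ballow\s+(\S+)\s+([^\s:]+):(\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;")

def parse_allow_rules(text):
    """Return {(source, target, class, permission)}, one tuple per permission."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    rules = set()
    for src, tgt, cls, perms in ALLOW_RE.findall(body):
        for perm in perms.strip("{} ").split():
            rules.add((src, tgt, cls, perm))
    return rules

def rejected_rules(semodule_output):
    """Rules named in libsepol 'assertion ... violated by allow ...;' messages."""
    flat = " ".join(semodule_output.split())  # undo line wrapping in the output
    return parse_allow_rules(" ".join(re.findall(r"violated by (allow [^;]*;)", flat)))

def triage(module_te, semodule_output):
    """Split the module's rules into (not named in the error, named in the error)."""
    rules = parse_allow_rules(module_te)
    rejected = rules & rejected_rules(semodule_output)
    return sorted(rules - rejected), sorted(rejected)

print(triage(MODULE_TE, SEMODULE_OUTPUT))
```
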