Bug 180746
Summary: | SELinux won't allow Quagga's ripd management through telnet | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Razvan Sandu <rsandu> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.27.1-2.25 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-03-21 01:41:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Razvan Sandu
2006-02-10 01:03:39 UTC
Are you seeing AVC Messages in the /var/log/audit/audit.log or /var/log/messages? (In reply to comment #1) > Are you seeing AVC Messages in the /var/log/audit/audit.log or /var/log/messages? Hello, I'm not a guru in SELinux ;-), but I noticed ripd won't start with SELinux in enforcing mode ("service ripd restart" fails). Here are the AVC messages (when doing "service ripd restart") type=AVC msg=audit(1140008372.143:1152): avc: denied { name_bind } for pid=12520 comm="ripd" src=520 scontext=root:system_r:zebra_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket type=SYSCALL msg=audit(1140008372.143:1152): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfb67110 a2=bfb67120 a3=0 items=0 pid=12520 auid=500 uid=92 gid=92 euid=92 suid=92 fsuid=92 egid=92 sgid=92 fsgid=92 comm="ripd" exe="/usr/sbin/ripd" type=SOCKADDR msg=audit(1140008372.143:1152): saddr=02000208000000000000000000000000 type=SOCKETCALL msg=audit(1140008372.143:1152): nargs=3 a0=5 a1=bfb67120 a2=10 Regards, Razvan Fixed in selinux-targeted-policy-1.27.1-2.25 |