Bug 197195
Summary: | RIPd and zebra cannot save their configuration | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tomasz Kepczynski <tomek> |
Component: | quagga | Assignee: | Martin Bacovsky <mbacovsk> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | dwalsh, infrastructure |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-07-31 16:37:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomasz Kepczynski
2006-06-29 06:09:13 UTC
Zebra also has this problem: gklab-59-001.igk.intel.com# write file Can't open configuration file /etc/quagga/zebra.conf.J62Xgg. gklab-59-001:/etc/quagga# ausearch -x zebra ---- time->Thu Jun 29 10:28:24 2006 type=PATH msg=audit(1151569704.894:101): item=0 name="/etc/quagga/zebra.conf.J62Xgg" parent=2525226 dev=fd:00 mode=040751 ouid=92 ogid=92 rdev=00:00 obj=system_u:object_r:zebra_conf_t:s0 type=CWD msg=audit(1151569704.894:101): cwd="/" type=SYSCALL msg=audit(1151569704.894:101): arch=40000003 syscall=5 success=no exit=-13 a0=8054470 a1=c2 a2=180 a3=e9c5e items=1 pid=5347 auid=43270 uid=92 gid=92 euid=92 suid=92 fsuid=92 egid=92 sgid=92 fsgid=92 tty=(none) comm="zebra" exe="/usr/sbin/zebra" subj=user_u:system_r:zebra_t:s0 type=AVC msg=audit(1151569704.894:101): avc: denied { write } for pid=5347 comm="zebra" name="quagga" dev=dm-0 ino=2525226 scontext=user_u:system_r:zebra_t:s0 tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir I guess that the rest of the deamons from the package also have this problem. One possible workaround is to disable SELinux with "setenforce 0" before writing configurartion and to enable it back with "setenforce 1" after, but this is far not the best way to configure routers. It would be great to have a rule for writing configuration in /usr/share/selinux/targeted/include/services/zebra.if setsebool -P allow_zebra_write_config=1 This selinux boolean should allow zebra to write its config file |