Description of problem: I've been running radiusd for years, and after I rebooted my system radiusd no longer starts. I now get the following error: SELinux is preventing /usr/sbin/radiusd from using the ptrace access on a process. Version-Release number of selected component (if applicable): 3.0.9-1.fc22 How reproducible: Everytime I start radiusd Steps to Reproduce: 1. systemctl start radiusd 2. 3. Actual results: SELinux is preventing /usr/sbin/radiusd from using the ptrace access on a process. Expected results: radiusd should start. Additional info: Just a note that radiusd does not start on boot, and never has. It must be started manually after boot. I marked this as high as I use radiusd for authentication to my Cisco hardware.
I created and installed the policy module for this alert. I tried to restart radiusd and I got another alert this time for sys_ptrace. I wasn't sure if I should create a separate bug for the sys_ptrace issue
Thank you for the report. Could you please post "radiusd -X" output for this issue, plus the contents of your /etc/raddb directory (scrubbed, if necessary), or at least just /etc/raddb/radiusd.conf. Thank you.
radiusd -X will not trigger the alert. I get the error described in bug 1291006. Only doing systemctl start radiusd triggers the SElinux alert.
Some additional information. After fixing the problem described in bug 1291006 I now get the alert for ptrace and a new SElinux alert for execmem, but radiusd does run. I am going to file a bug against the execmem issue, since this is a new issue.
Understood, thank you. Could you please post the contents of your /etc/raddb directory (scrubbed, if necessary), or at least just /etc/raddb/radiusd.conf?
Created attachment 1107222 [details] radiusd.conf Attached radiusd.conf
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.