[CentOS] An error message I don't recognize

2009-12-10 Thread Bob McConnell
I have recently been told I will have to maintain some CentOS servers at 
work. Since I have only been using Slackware for the last 16 years, I 
decided to install CentOS on one of my servers at home to get an idea of 
the differences. I installed CentOS 5.4 from CD with no problems, did a 
yum update, set up a couple of samba shares and started to copy over 
some files from one of my other servers.

Everything looks ok, but I keep seeing this message on the active 
console. I have no idea where it comes from nor what it means.

type=1400 audit(1260446462.444:9): avc:  denied  { getattr } for  pid=2200
comm=smbd path=/proc/sys/fs/binfmt_misc dev=binfmt_misc ino=4348
scontext=root:system_r:smbd_t:s0
tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir

What is it, what is triggering it and how do I fix it?

Thanks,

Bob McConnell
N2SPP
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] An error message I don't recognize

2009-12-10 Thread Benjamin Franz
Bob McConnell wrote:
> [...]
> Everything looks ok, but I keep seeing this message on the active
> console. I have no idea where it comes from nor what it means.
>
> type=1400 audit(1260446462.444:9): avc:  denied  { getattr } for  pid=2200
> comm=smbd path=/proc/sys/fs/binfmt_misc dev=binfmt_misc ino=4348
> scontext=root:system_r:smbd_t:s0
> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir

It's selinux.

See 
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-selinux.html

-- 
Benjamin Franz




Re: [CentOS] An error message I don't recognize

2009-12-10 Thread m . roth
> I have recently been told I will have to maintain some CentOS servers at
> work. Since I have only been using Slackware for the last 16 years, I
> decided to install CentOS on one of my servers at home to get an idea of
> the differences. I installed CentOS 5.4 from CD with no problems, did a
> yum update, set up a couple of samba shares and started to copy over
> some files from one of my other servers.
>
> Everything looks ok, but I keep seeing this message on the active
> console. I have no idea where it comes from nor what it means.
>
> type=1400 audit(1260446462.444:9): avc:  denied  { getattr } for  pid=2200
> comm=smbd path=/proc/sys/fs/binfmt_misc dev=binfmt_misc ino=4348
> scontext=root:system_r:smbd_t:s0
> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>
> What is it, what is triggering it and how do I fix it?

selinux.

For your machine at home, you may want to just turn it off; if you really
want to see what might be going on at work, set it to permissive, which
will let it all happen, but gripe.

setenforce 0
turns it off.
Edit /etc/selinux/config to fix it over reboots.

Also look at /var/log/audit/audit.log. It will get the error, and tell you
to run sealert to see what the error's complaining about.

  mark



Re: [CentOS] An error message I don't recognize

2009-12-10 Thread Bob McConnell
Benjamin Franz wrote:
> Bob McConnell wrote:
>> [...]
>> Everything looks ok, but I keep seeing this message on the active
>> console. I have no idea where it comes from nor what it means.
>>
>> type=1400 audit(1260446462.444:9): avc:  denied  { getattr } for  pid=2200
>> comm=smbd path=/proc/sys/fs/binfmt_misc dev=binfmt_misc ino=4348
>> scontext=root:system_r:smbd_t:s0
>> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>
> It's selinux.
 

Thank you for that link. Looks like I have some reading to do. I do know 
they have it enabled on the production servers I will be duplicating, so 
I'll have to figure out whether we need it on the development and test 
servers or not.

I also have a problem with syslogd. I added '-r' to SYSLOGD_OPTIONS in 
/etc/rc.d/init.d/syslog, but after a restart it still won't accept 
network traffic, and that flag doesn't show up in the command line in 
the 'ps ax' dump. What do I have to do to enable traffic into syslogd 
from my firewall and other servers?

This machine will be replacing an older Slackware 7 server once I get 
the wrinkles worked out.

Thank you,

Bob McConnell
N2SPP


Re: [CentOS] An error message I don't recognize

2009-12-10 Thread Tony Molloy
On Thursday 10 December 2009 17:28:45 Bob McConnell wrote:
> I have recently been told I will have to maintain some CentOS servers at
> work. Since I have only been using Slackware for the last 16 years, I
> decided to install CentOS on one of my servers at home to get an idea of
> the differences. I installed CentOS 5.4 from CD with no problems, did a
> yum update, set up a couple of samba shares and started to copy over
> some files from one of my other servers.
>
> Everything looks ok, but I keep seeing this message on the active
> console. I have no idea where it comes from nor what it means.
>
> type=1400 audit(1260446462.444:9): avc:  denied  { getattr } for  pid=2200
> comm=smbd path=/proc/sys/fs/binfmt_misc dev=binfmt_misc ino=4348
> scontext=root:system_r:smbd_t:s0
> tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
>
> What is it, what is triggering it and how do I fix it?


It's a selinux denial. Selinux is permissive/enforcing on the system.

# sestatus

will tell you which.

It's got something to do with samba comm=smbd
trying to access the file path=/proc/sys/fs/binfmt_misc. Don't know why it
would want to do that.

Try this

# sealert -b

This will display all the AVCs graphically. Look for one from smbd.  This 
will give you the full AVC and possibly suggest a way to fix it.

Tony



> Thanks,
>
> Bob McConnell
> N2SPP



-- 

Dept. of Comp. Sci.
University of Limerick.
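
Added example, not part of the original thread: a small Python parser that decodes the AVC record quoted above into the process, the permission requested, and the source and target SELinux types. The function names are illustrative; it accepts the console form shown in the thread and the `type=AVC msg=audit(...)` form that auditd writes to /var/log/audit/audit.log.

```python
import re
from datetime import datetime, timedelta, timezone

# The denial from the thread, joined onto one line as the kernel logs it.
SAMPLE = (
    "type=1400 audit(1260446462.444:9): avc:  denied  { getattr } for  pid=2200 "
    "comm=smbd path=/proc/sys/fs/binfmt_misc dev=binfmt_misc ino=4348 "
    "scontext=root:system_r:smbd_t:s0 "
    "tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir"
)

# Record type 1400 is AUDIT_AVC; auditd writes the same record as type=AVC msg=audit(...).
AVC_RE = re.compile(
    r"type=(?:1400|AVC) (?:msg=)?audit\((?P<epoch>\d+)\.(?P<ms>\d{3}):(?P<serial>\d+)\): "
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)

def parse_context(ctx):
    """Split user:role:type[:level]; an MLS/MCS level may itself contain ':'."""
    user, role, setype, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "level": level[0] if level else None}

def parse_avc(line):
    """Return the decoded fields of one AVC record, or None for anything else."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = {}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            kv[key] = value.strip('"')  # audit.log quotes comm= and path=
    if "scontext" not in kv or "tcontext" not in kv:
        return None
    when = (datetime.fromtimestamp(int(m.group("epoch")), timezone.utc)
            + timedelta(milliseconds=int(m.group("ms"))))
    return {"when": when, "serial": int(m.group("serial")),
            "result": m.group("result"), "perms": m.group("perms").split(),
            "comm": kv.get("comm"), "path": kv.get("path"),
            "source": parse_context(kv["scontext"]),
            "target": parse_context(kv["tcontext"]), "tclass": kv.get("tclass")}

def summarize(rec):
    """One-line, human-readable form of a parsed record."""
    return (f"{rec['when']:%Y-%m-%d %H:%M:%S} UTC {rec['comm']} "
            f"({rec['source']['type']}) {rec['result']} {','.join(rec['perms'])} "
            f"on {rec['tclass']} {rec['path']} ({rec['target']['type']})")
```
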


Re: [CentOS] An error message I don't recognize

2009-12-10 Thread Benjamin Franz
Bob McConnell wrote:
> I also have a problem with syslogd. I added '-r' to SYSLOGD_OPTIONS in
> /etc/rc.d/init.d/syslog, but after a restart it still won't accept
> network traffic, and that flag doesn't show up in the command line in
> the 'ps ax' dump. What do I have to do to enable traffic into syslogd
> from my firewall and other servers?

You need to edit /etc/sysconfig/syslog

That is a general pattern for CentOS5 - look for options to be set in a 
file in the /etc/sysconfig directory.

-- 
Benjamin Franz



Re: [CentOS] An error message I don't recognize

2009-12-10 Thread Bob McConnell
Benjamin Franz wrote:
> Bob McConnell wrote:
>> I also have a problem with syslogd. I added '-r' to SYSLOGD_OPTIONS in
>> /etc/rc.d/init.d/syslog, but after a restart it still won't accept
>> network traffic, and that flag doesn't show up in the command line in
>> the 'ps ax' dump. What do I have to do to enable traffic into syslogd
>> from my firewall and other servers?
>
> You need to edit /etc/sysconfig/syslog
>
> That is a general pattern for CentOS5 - look for options to be set in a
> file in the /etc/sysconfig directory.
 

Thank you, I am now getting log records over the network.

Bob McConnell
N2SPP
