2014-07-23 12:37 GMT+03:00 Robin Long <[email protected]>:
> Hi Eero and Elias,
>
> So setting it to cert_t worked, as did:
> semanage fcontext -a -t etc_t "/etc/grid-security(/.*)?"
> I chose etc_t as when I did an ls -Z the certificates folder had this to
> begin with and was happy, whereas the hostkeys and certs had admin_home.
>
> The output of audit2why is here, I do not understand it at all.
>
> # tail /var/log/audit/audit.log | audit2why
> type=AVC msg=audit(1406108140.477:6317): avc: denied { search } for
> pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0
> ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0
> tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir
>
> Was caused by:
> Missing type enforcement (TE) allow rule.
>
> You can use audit2allow to generate a loadable module to allow
> this access.
>
> type=AVC msg=audit(1406108140.479:6318): avc: denied { search } for
> pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0
> ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0
> tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir
>
> Was caused by:
> Missing type enforcement (TE) allow rule.
>
> You can use audit2allow to generate a loadable module to allow
> this access.
>
>
> I would like to understand SELinux and how to audit the problems, but I
> have not found a good entry level guide. Usually the problems I have are
> simple such as ssh-key permissions or httpd problems - Google has always
> had a solution, I just do not know how to get to these solutions myself.
>
Read the manual at:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/

--
Eero
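An added example, not part of either message in this thread: a small Python parser that turns the first AVC record quoted above into a readable sentence. It decodes the hex-encoded `comm` value and extracts the type from `scontext` and `tcontext`, which are the two types a type enforcement rule is written against; the function names and the set of fields treated as strings are choices made for this example.

```python
import re

# Constructed sample: the first AVC record quoted in the thread, joined onto one line.
SAMPLE = ('type=AVC msg=audit(1406108140.477:6317): avc: denied { search } for '
          'pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 '
          'ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 '
          'tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
STRING_FIELDS = {'comm', 'name', 'path', 'exe'}  # assumption: fields auditd may hex-encode


def decode_audit_value(value):
    """Quoted values are literal; an unquoted string field is hex-encoded
    because it contained a space or another special character."""
    if value.startswith('"'):
        return value.strip('"')
    if len(value) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', value):
        try:
            return bytes.fromhex(value).decode('utf-8')
        except UnicodeDecodeError:
            return value
    return value


def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, raw in KV_RE.findall(m.group('rest')):
        rec[key] = decode_audit_value(raw) if key in STRING_FIELDS else raw
    # A context is user:role:type:level; the type is the third field.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def explain(rec):
    return ('process "{comm}" (pid {pid}) in domain {source_type} was denied {p} '
            'on {tclass} "{name}" labelled {target_type}').format(p='/'.join(rec['perms']), **rec)


if __name__ == '__main__':
    print(explain(parse_avc(SAMPLE)))
```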
