Hi Eero and Elias,

So setting it to cert_t worked, as did:
semanage fcontext -a -t etc_t "/etc/grid-security(/.*)?"
I chose etc_t as when I did an ls -Z the certificates folder had this to begin with and was happy, whereas the hostkeys and certs had admin_home.

The output of audit2why is here; I do not understand it at all.

# tail /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1406108140.477:6317): avc: denied { search } for pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir

    Was caused by:
        Missing type enforcement (TE) allow rule.

You can use audit2allow to generate a loadable module to allow this access.

type=AVC msg=audit(1406108140.479:6318): avc: denied { search } for pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir

    Was caused by:
        Missing type enforcement (TE) allow rule.

You can use audit2allow to generate a loadable module to allow this access.


I would like to understand SELinux and how to audit the problems, but I have not found a good entry level guide. Usually the problems I have are simple, such as ssh-key permissions or httpd problems. Google has always had a solution; I just do not know how to get to these solutions myself.

Regards,
Robin.
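The AVC records quoted above are dense but regular. As an added example (not part of this thread), a small Python parser that decodes the hex-encoded comm field, states who was denied what on which object, and shows the allow rule audit2allow would derive from it; the sample record is the first one pasted in the message, and the field names are taken from it.

```python
import re
# Constructed sample: the first AVC record quoted in the message above.
SAMPLE_AVC = (
    'type=AVC msg=audit(1406108140.477:6317): avc: denied { search } for '
    'pid=9753 comm=72733A6D61696E20513A526567 name="grid-security" dev=dm-0 '
    'ino=131479 scontext=unconfined_u:system_r:syslogd_t:s0 '
    'tcontext=unconfined_u:object_r:syslog_conf_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def decode_hex_string(raw):
    # auditd writes strings with spaces or special characters as unquoted
    # hex (e.g. rsyslog's thread name "rs:main Q:Reg"); plain ones are quoted.
    try:
        return bytes.fromhex(raw).decode('ascii')
    except ValueError:  # not hex, or not printable ASCII: keep as-is
        return raw

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {}
    for fm in FIELD_RE.finditer(m.group('fields')):
        key, quoted, raw = fm.group(1), fm.group(2), fm.group(3)
        if quoted is not None:
            fields[key] = quoted
        elif key in ('comm', 'name'):  # the only hex-encoded fields here
            fields[key] = decode_hex_string(raw)
        else:
            fields[key] = raw
    return {'perms': m.group('perms').split(),
            'source_type': fields['scontext'].split(':')[2],  # process domain
            'target_type': fields['tcontext'].split(':')[2],  # object label
            'tclass': fields['tclass'], 'fields': fields}

def explain(d):
    f = d['fields']
    return '%s (comm %r, pid %s) was denied %s on %s %r labelled %s' % (
        d['source_type'], f.get('comm'), f.get('pid'), ' '.join(d['perms']),
        d['tclass'], f.get('name'), d['target_type'])

def te_rule(d):
    # The allow rule audit2allow would derive. Loading it widens policy, so
    # relabelling the files to a type the domain may already read is preferable.
    return 'allow %s %s:%s { %s };' % (d['source_type'], d['target_type'],
                                       d['tclass'], ' '.join(d['perms']))
```

Piping `tail /var/log/audit/audit.log` through `parse_avc` line by line gives the same reading audit2why summarises as "Missing type enforcement (TE) allow rule", with the process domain and object label spelled out.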


On 23/07/14 10:18, Elias Persson wrote:
On 2014-07-23 10:43, Robin Long wrote:
Hi Eero,

Thanks for the advice.  That command does not seem to work, it changes
the context from:

drwxr-x---. root root unconfined_u:object_r:etc_t:s0 certificates
-rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 hostcert.pem
-rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 hostkey.pem

to

drwxr-x---. root root unconfined_u:object_r:syslog_conf_t:s0 certificates
-rw-r-----. root root unconfined_u:object_r:syslog_conf_t:s0 hostcert.pem
-rw-r-----. root root unconfined_u:object_r:syslog_conf_t:s0 hostkey.pem

but then results in the error:
could not load module '/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078

which usually translates as "cannot read your CA file".


What do you get from:

  tail /var/log/audit/audit.log | audit2why

(shortly after getting that error).
