RE: Failed disabling Core Dumps on RHEL - SELinux Updates
Bugzilla submitted: Bug 610812 https://bugzilla.redhat.com/show_bug.cgi?id=610812 Ben -Original Message- From: freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org] On Behalf Of John Dennis Sent: Wednesday, June 30, 2010 2:32 PM To: FreeRadius users mailing list Subject: Re: Failed disabling Core Dumps on RHEL - SELinux Updates On 06/30/2010 03:06 PM, Ben Wiechman wrote: Despite the fact that this was against 2.1.9, not the freeradius2 rpm that is available with RHEL? Yes. It's a policy problem and it needs to get fixed. We'll eventually ship 2.1.9 or the core dump fix back ported to an earlier version, it would be nice to know the SELinux policy would just support it when we do ship it. For those like yourself who built 2.1.9 wouldn't it be nice to know the SELinux policy supports it? -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Failed disabling Core Dumps on RHEL - SELinux Updates
Will do, just wanted to verify. Ben -Original Message- From: freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org] On Behalf Of John Dennis Sent: Wednesday, June 30, 2010 2:32 PM To: FreeRadius users mailing list Subject: Re: Failed disabling Core Dumps on RHEL - SELinux Updates On 06/30/2010 03:06 PM, Ben Wiechman wrote: Despite the fact that this was against 2.1.9, not the freeradius2 rpm that is available with RHEL? Yes. It's a policy problem and it needs to get fixed. We'll eventually ship 2.1.9 or the core dump fix back ported to an earlier version, it would be nice to know the SELinux policy would just support it when we do ship it. For those like yourself who built 2.1.9 wouldn't it be nice to know the SELinux policy supports it? -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed disabling Core Dumps on RHEL - SELinux Updates
Ben Wiechman wrote: A note for those that may run into this as well. When updating FR to 2.1.9 on RHEL/CentOS with SELinux enabled FreeRADIUS would log the following when it was started: Wed Jun 2 16:19:57 2010 : Error: Failed disabling core dumps: Permission denied To resolve I had to install the following modifications to the default SELinux policy ... This allowed the daemon to properly disable core dumps. Hmm security policies that prevent systems from increasing the security of the system. Nice. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed disabling Core Dumps on RHEL - SELinux Updates
On 06/30/2010 10:29 AM, Ben Wiechman wrote: A note for those that may run into this as well. When updating FR to 2.1.9 on RHEL/CentOS with SELinux enabled FreeRADIUS would log the following when it was started: Wed Jun 2 16:19:57 2010 : Error: Failed disabling core dumps: Permission denied Please file a bugzilla against selinux policy. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Failed disabling Core Dumps on RHEL - SELinux Updates
Despite the fact that this was against 2.1.9, not the freeradius2 rpm that is available with RHEL? Ben -Original Message- From: freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org] On Behalf Of John Dennis Sent: Wednesday, June 30, 2010 9:56 AM To: FreeRadius users mailing list Subject: Re: Failed disabling Core Dumps on RHEL - SELinux Updates On 06/30/2010 10:29 AM, Ben Wiechman wrote: A note for those that may run into this as well. When updating FR to 2.1.9 on RHEL/CentOS with SELinux enabled FreeRADIUS would log the following when it was started: Wed Jun 2 16:19:57 2010 : Error: Failed disabling core dumps: Permission denied Please file a bugzilla against selinux policy. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed disabling Core Dumps on RHEL - SELinux Updates
On 06/30/2010 03:06 PM, Ben Wiechman wrote: Despite the fact that this was against 2.1.9, not the freeradius2 rpm that is available with RHEL? Yes. It's a policy problem and it needs to get fixed. We'll eventually ship 2.1.9 or the core dump fix back ported to an earlier version, it would be nice to know the SELinux policy would just support it when we do ship it. For those like yourself who built 2.1.9 wouldn't it be nice to know the SELinux policy supports it? -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed disabling Core Dumps on RHEL - SELinux Updates
Hi, Yes. It's a policy problem and it needs to get fixed. We'll eventually ship 2.1.9 or the core dump fix back ported to an earlier version, it would be nice to know the SELinux policy would just support it when we do ship it. For those like yourself who built 2.1.9 wouldn't it be nice to know the SELinux policy supports it? those that install things from source usually have to fight SELinux all over the place ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
