Hi list,
I solved the problem.

I matched some dontaudit rules by running semanage -DB, which helped me solve the problem.

Thank you

On 02/12/22 15:23, Alessandro Baggi wrote:
Hi Tony,

reading with tail -f /var/log/audit/audit.log while the error occurs, I obtain only these types but nothing about errors:

type=CRYPTO_KEY_USER
type=CRYPTO_SESSION
type=CRYPTO_SESSION
type=USER_AUTH
type=CRYPTO_KEY_USER
type=USER_ACCT
type=CRYPTO_KEY_USER
type=CRED_ACQ
type=LOGIN
type=SYSCALL
type=PROCTITLE
type=USER_ROLE_CHANGE
type=SERVICE_START
type=USER_ACCT
type=CRED_ACQ
type=USER_ROLE_CHANGE
type=LOGIN
type=SYSCALL
type=PROCTITLE
type=USER_START
type=ANOM_ABEND
type=SERVICE_START
type=USER_START
type=CRYPTO_KEY_USER
type=CRED_ACQ
type=USER_LOGIN
type=USER_START
type=CRYPTO_KEY_USER
type=CRYPTO_KEY_USER
type=CRYPTO_KEY_USER
type=USER_END
type=CRED_DISP
type=USER_END
type=USER_LOGOUT
type=CRYPTO_KEY_USER
type=SERVICE_STOP

The same happens running 'ausearch -m ALL -ts recent', but with more lines.

I don't understand why: a permission denied is issued by my app, but there is no AVC denial.

On 02/12/22 12:36, Tony Albers wrote:
Hi Alessandro,

Ok, then you should try to tail /var/log/audit/audit.log to see what happens in there. Your ausearch command might have the wrong flags set and therefore does not show you the errors. You might want to try 'ausearch -m ALL -ts recent' too.

HTH

/tony

On Fri, 2 Dec 2022 12:18:46 +0100
Alessandro Baggi <[email protected]> wrote:

Hi Tony,

I already tried to run SELinux in permissive mode and it works as
expected, but when I enforce it, the program reports that error and there
are no AVC denials.

On 02/12/22 12:04, Tony Albers wrote:
Hello,

First, try setting SELinux in permissive mode globally to see if that changes anything:

root@host:# setenforce 0

Then run your program and let it do what it wants to do. If you still get errors, then SELinux is not the issue (at least not the whole issue).

HTH

/tony

On Fri, 2 Dec 2022 11:24:53 +0100
Alessandro Baggi <[email protected]> wrote:

Hi,

I'm running AlmaLinux 9.1 on a VM to play with SELinux and trying to
create a custom policy for an app. This app is written in Python and
waits for files to be processed (uploaded via sftp from another host). It
reads data from these files and then saves it to a PostgreSQL DB. If
something is wrong with the data, it will send an email.

I followed this:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux

When generating a custom policy, a permissive line is inserted in the policy:

permissive example_t;

which, if I'm not wrong, means that even if denials are found the policy
runs as permissive.

After commenting out this line and reloading the policy, my program does
not work anymore and I receive this error:

psycopg2.connect(127.0.0.1): could not receive data from server:
Permission denied
could not send SSL negotiation packet: Permission denied


The strange thing is that if I run:

# ausearch -m AVC -ts recent

I don't get any new AVC denials.

I also tried to read the PostgreSQL-side logs, but found nothing useful.

Can someone point me in the right direction?

Thank you in advance.

_______________________________________________
AlmaLinux Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
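
The check that resolved this thread, as an added example that is not part of the original messages: `semodule -DB` rebuilds the policy with dontaudit rules disabled, so denials that were silenced start appearing as AVC records, and the helper below condenses them. The `summarize_avc` and `sample_avc` names and the sample records are constructed for illustration (they are not the poster's actual denials); `example_t` is the domain named in the thread.

```shell
#!/bin/sh
# Host procedure (as root; semodule is from policycoreutils, ausearch from audit):
#   semodule -DB      # rebuild the policy with dontaudit rules disabled
#   ...reproduce the failure with SELinux enforcing...
#   ausearch -m AVC -ts recent --raw | summarize_avc
#   semodule -B       # rebuild again to restore the dontaudit rules

# summarize_avc: read raw audit records on stdin and print one line per
# distinct denial as "<count> <source_type> <target_type>:<class> { perms }".
summarize_avc() {
    awk '
    # Return the value of key=value from the current record.
    function value(key) {
        if (!match($0, key "=[^ ]+")) return ""
        return substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
    }
    # The SELinux type is the third field of user:role:type:level.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /^type=AVC / && / denied / {
        perms = $0
        sub(/^.*denied +[{] */, "", perms)   # drop everything up to the brace
        sub(/ *[}].*$/, "", perms)           # drop the closing brace and the rest
        key = setype(value("scontext")) " " setype(value("tcontext"))
        key = key ":" value("tclass") " { " perms " }"
        seen[key]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }
    ' | sort
}

# Constructed sample records (types other_t and placeholder_conf_t are made up).
sample_avc() {
    cat <<'EOF'
type=USER_AUTH msg=audit(1670000000.100:500): pid=2100 uid=0 msg='op=PAM:authentication res=success'
type=AVC msg=audit(1670000001.101:501): avc:  denied  { read write } for  pid=2101 comm="python3" path="socket:[4242]" dev="sockfs" ino=4242 scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:other_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1670000002.102:502): avc:  denied  { read write } for  pid=2101 comm="python3" path="socket:[4242]" dev="sockfs" ino=4242 scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:other_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1670000003.103:503): avc:  denied  { getattr } for  pid=2101 comm="python3" path="/etc/placeholder.conf" dev="dm-0" ino=99 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:placeholder_conf_t:s0 tclass=file permissive=0
EOF
}

sample_avc | summarize_avc
```

Each output line maps directly onto the source type, target type, class and permissions of an allow or dontaudit rule, which makes it easy to decide what the custom policy module actually needs before re-enabling dontaudit rules.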

