Aleksey Tsalolikhin
2010-Mar-19 01:05 UTC
[CentOS] How to disable selinux protection interfering with pppd? I tried audit2allow, but policy does not load. Is there an seboolean?
CentOS release 5.4 (Final) I run pppd on this system, it accepts dial-in connections, logs people in over ssh/sftp. I had selinux disabled on this system originally, but I recently enabled it, and selinux is blocking this pppd service. "audit2allow -M" has generated the following policy based on AVC denial messages: module fixdialinserver 1.0; require { type pppd_t; type shadow_t; type chkpwd_exec_t; class file { read execute }; class netlink_audit_socket create; } #============= pppd_t =============allow pppd_t chkpwd_exec_t:file execute; allow pppd_t self:netlink_audit_socket create; allow pppd_t shadow_t:file read; However, I am unable to load this module due to conflict with another policy: # semodule -i fixdialinserver.pp libsepol.check_assertion_helper: assertion on line 0 violated by allow pppd_t shadow_t:file { read }; libsepol.check_assertions: 1 assertion violations occured libsemanage.semanage_expand_sandbox: Expand module failed semodule: Failed! # Is there an seboolean I can tweak to allow me to load this policy? Thanks, Aleksey
Apparently Analagous Threads
- pppd does not work if SELinux is turned on.
- Error from unix_chkpwd
- Centos 5 OpenVPN / SElinux
- How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
- Re: Livecd-creator is disabling selinux