Aleksey Tsalolikhin
2010-Mar-19 01:05 UTC
[CentOS] How to disable selinux protection interfering with pppd? I tried audit2allow, but policy does not load. Is there an seboolean?
CentOS release 5.4 (Final)
I run pppd on this system, it accepts dial-in connections, logs people
in over ssh/sftp.
I had selinux disabled on this system originally, but I recently
enabled it, and selinux is blocking this pppd service.
"audit2allow -M" has generated the following policy based on AVC
denial messages:
module fixdialinserver 1.0;

require {
        type pppd_t;
        type shadow_t;
        type chkpwd_exec_t;
        class file { read execute };
        class netlink_audit_socket create;
}

#============= pppd_t ==============
allow pppd_t chkpwd_exec_t:file execute;
allow pppd_t self:netlink_audit_socket create;
allow pppd_t shadow_t:file read;
However, I am unable to load this module due to conflict with another policy:
# semodule -i fixdialinserver.pp
libsepol.check_assertion_helper: assertion on line 0 violated by allow
pppd_t shadow_t:file { read };
libsepol.check_assertions: 1 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
#
Is there an seboolean I can tweak to allow me to load this policy?
Thanks,
Aleksey
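
Added example (not part of the original post): a small Python script that matches the rule named in the semodule error against the allow rules of the audit2allow module, showing which rule trips the policy assertion and which rules the error does not mention. The module text and error output are copied from the post; the function names are made up for this example.

```python
import re

# Module text and semodule output copied from the post above.
TE_MODULE = """\
module fixdialinserver 1.0;
require {
    type pppd_t;
    type shadow_t;
    type chkpwd_exec_t;
    class file { read execute };
    class netlink_audit_socket create;
}
allow pppd_t chkpwd_exec_t:file execute;
allow pppd_t self:netlink_audit_socket create;
allow pppd_t shadow_t:file read;
"""
SEMODULE_OUTPUT = """\
libsepol.check_assertion_helper: assertion on line 0 violated by allow
pppd_t shadow_t:file { read };
libsepol.check_assertions: 1 assertion violations occured
"""

# allow <source> <target>:<class> <perm> | { <perm> ... } ;
ALLOW_RE = re.compile(r"\ballow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+?)\s*;")

def parse_rules(text):
    """Return (source, target, class, frozenset(perms)) for every allow rule."""
    return [(s, t, c, frozenset(p.strip("{} ").split()))
            for s, t, c, p in ALLOW_RE.findall(text)]

def split_by_assertion(te_text, semodule_output):
    """Split module rules into (blocked, unaffected) using the libsepol error."""
    violated = parse_rules(semodule_output)  # rules libsepol names as violations
    blocked, unaffected = [], []
    for rule in parse_rules(te_text):
        hit = any(rule[:3] == v[:3] and rule[3] & v[3] for v in violated)
        (blocked if hit else unaffected).append(rule)
    return blocked, unaffected

def fmt(rule):
    """Render a parsed rule back into policy syntax."""
    src, tgt, cls, perms = rule
    return f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"

if __name__ == "__main__":
    blocked, unaffected = split_by_assertion(TE_MODULE, SEMODULE_OUTPUT)
    for r in blocked:
        print("violates assertion:", fmt(r))
    for r in unaffected:
        print("not named in error:", fmt(r))
```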
