rsync and nscd broken in selinux-policy-targeted-1.25.3-12: msg#00125
Subject: rsync and nscd broken in selinux-policy-targeted-1.25.3-12
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm kind of new to SELinux, but have read enough info from the various FAQs
etc to try and follow what is going on.
I recently upgraded to selinux-policy-targeted-1.25.3-12 on my server (and
rebooted), and discovered subsequently that it broke nscd and rsyncd.
I'm not sure what is the exact problem nscd is having. rsyncd requires
chroot rights.
$ rsync rsync://localhost/Mirror/
@ERROR: chroot failed
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(420)
Output from sestatus:
- ---------------------
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 19
Policy from config file: targeted
dmesg|fgrep audit (edited):
- -----------------
audit(1125305372.102:2): avc: denied { create } for pid=1400
comm="nscd" scontext=system_u:system_r:nscd_t
tcontext=system_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1125371048.190:11): avc: denied { sys_chroot } for pid=2479
comm="rsync" capability=18 scontext=system_u:system_r:rsync_t
tcontext=system_u:system_r:rsync_t tclass=capability
dmesg|audit2allow:
- -----------------
allow nscd_t self:netlink_audit_socket create;
allow rsync_t self:capability sys_chroot;
Should I wait for a new targeted policy release to address these problems
(if so, how soon?), or should I try to create a custom policy?
T.C.
- --
Wan Tat Chee (Senior Lecturer)
School of Computer Sciences, Univ. of Science Malaysia,
11800 USM, Penang, Malaysia. Rm.625 Ofc Ph: +604 653-3888 x 3617
NRG Lab Admin: +604 659-4757 Rm.601-F Ofc Ph: +604 653-4396
Internet: tcwan@xxxxxxxxx Web: http://nrg.cs.usm.my/~tcwan
GPG Key : http://nrg.cs.usm.my/~tcwan/tcwan-nrg-20040805.asc
F'print : 4B2E F0BF AAD7 2F51 CB41 4386 F72B 7859 8278 BDC4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDE85a9yt4WYJ4vcQRAm8TAJ0bnj1uY6bUbGqkrTitHDgfacuBrwCfUmEk
isxxEsd2oG+7QAh4LTtZegU=
=UQM2
-----END PGP SIGNATURE-----