Xymon Mailing List Archive search

hobbit on RH 5.3 server

2 messages in this thread

list Robert P McGraw · Tue, 7 Jul 2009 16:11:16 -0400 ·
On the RH 5.3 hosts I have installed just the client side of
hobbit.4.2.0.

After a reboot I get the following in the /var/log/messages file:

Jul  7 15:41:37 galileo kernel: type=1400 audit(1246995697.604:109):
avc:  denied  { append } for  pid=8951 comm="ifconfig"
path="/local/hobbit/client/tmp/msg.galileo.math.purdue.edu.txt.8937"
dev=dm-3 ino=294968 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file
Jul  7 15:41:37 galileo kernel: type=1400 audit(1246995697.604:110):
avc:  denied  { append } for  pid=8951 comm="ifconfig"
path="/local/hobbit/client/logs/hobbitclient.log" dev=dm-3 ino=294969
scontext=system_u:system_r:ifconfig_t:s0
tcontext=user_u:object_r:default_t:s0 tclass=file
Jul  7 15:41:37 galileo kernel: type=1400 audit(1246995697.624:111):
avc:  denied  { append } for  pid=8955 comm="ifconfig"
path="/local/hobbit/client/tmp/msg.galileo.math.purdue.edu.txt.8937"
dev=dm-3 ino=294968 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file
Jul  7 15:41:37 galileo kernel: type=1400 audit(1246995697.624:112):
avc:  denied  { append } for  pid=8955 comm="ifconfig"
path="/local/hobbit/client/logs/hobbitclient.log" dev=dm-3 ino=294969
scontext=system_u:system_r:ifconfig_t:s0
tcontext=user_u:object_r:default_t:s0 tclass=file


Right after a boot I get the following:
 
[14][root at galileo]:hobbit/client/logs# ls -alZ
drwxr-xr-x  bb bb   user_u:object_r:default_t:s0     ./
drwxr-xr-x  bb bb   user_u:object_r:default_t:s0     ../
-rw-r--r--  bb bb   system_u:object_r:default_t:s0
clientlaunch.galileo.math.purdue.edu.pid
-rw-r--r--  bb bb   user_u:object_r:default_t:s0     clientlaunch.log
-rw-r--r--  bb bb   user_u:object_r:default_t:s0     hobbitclient.log


If I then manually run the init.d/hobbit start script then it shows:

35][root at galileo]:hobbit/client/logs# ls -alZ
drwxr-xr-x  bb bb user_u:object_r:default_t:s0     ./
drwxr-xr-x  bb bb user_u:object_r:default_t:s0     ../
-rw-r--r--  bb bb user_u:object_r:default_t:s0
clientlaunch.galileo.math.purdue.edu.pid
-rw-r--r--  bb bb user_u:object_r:default_t:s0     clientlaunch.log
-rw-r--r--  bb bb user_u:object_r:default_t:s0     hobbitclient.log

and I do not get the error messages in /var/log. 

I know that this is being caused by SELinux, but not sure the best way
to resolve this problem?

Thanks

Robert


Robert P. McGraw, Jr.
Manager, Computer System                    EMAIL: user-33cf07af04dd@xymon.invalid
Purdue University                            ROOM: MATH-807
Department of Mathematics                   PHONE: (XXX) XXX-XXXX
XXX N. University Street                      
West Lafayette, IN XXXXX-XXXX
list Gatis A. · Wed, 8 Jul 2009 10:44:48 +0300 ·
Hi,

By extracting SELinux AVC messages from audit.log and processing them
through audit2allow, you can create custom SELinux policies.
For instance:
cat /var/log/audit/audit.log | grep 1247036829.715:51 | audit2allow -m xymon
(if auditd service is not running AVC messages will be in /var/log/messages)

Here is my custom xymon policy:

cat xymon.te

# begin #

module xymon 1.0;

require {
        type ifconfig_t;
        type user_home_t;
        class file getattr;
        class file append;
}

#============= ifconfig_t ==============
allow ifconfig_t user_home_t:file getattr;
allow ifconfig_t user_home_t:file append;

# end #

Now you need to compile and load this policy:

# compile module
checkmodule -M -m -o xymon.mod xymon.te
# create policy module package
semodule_package -o xymon.pp -m xymon.mod
# install package
semodule -i xymon.pp
# display all installed modules
semodule -l
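An added example, not code from either post: a small parser that re-joins the mail-wrapped AVC records from the first message and reduces them to the allow rules they imply, in the style of the `xymon.te` shown above. The sample lines are copied from the first post; they name `default_t` as the target type, so the resulting rule differs from the `user_home_t` rules in the posted policy.

```python
import re
from collections import defaultdict

# Two denials copied from the first post, e-mail line wrapping kept as-is.
SAMPLE = """\
Jul  7 15:41:37 galileo kernel: type=1400 audit(1246995697.604:109):
avc:  denied  { append } for  pid=8951 comm="ifconfig"
path="/local/hobbit/client/tmp/msg.galileo.math.purdue.edu.txt.8937"
dev=dm-3 ino=294968 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file
Jul  7 15:41:37 galileo kernel: type=1400 audit(1246995697.604:110):
avc:  denied  { append } for  pid=8951 comm="ifconfig"
path="/local/hobbit/client/logs/hobbitclient.log" dev=dm-3 ino=294969
scontext=system_u:system_r:ifconfig_t:s0
tcontext=user_u:object_r:default_t:s0 tclass=file
"""

STAMP = re.compile(r"audit\(\d+\.\d+:\d+\):")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_records(text):
    """Re-join wrapped lines; each audit(...) stamp starts a new record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.search(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_denial(record):
    """Return (source type, target type, class, [perms]) or None."""
    denied = DENIED.search(record)
    fields = {k: v.strip('"') for k, v in FIELD.findall(record)}
    if not denied or not fields.keys() >= {"scontext", "tcontext", "tclass"}:
        return None
    # A context is user:role:type[:level]; policy rules use only the type.
    src, tgt = (fields[k].split(":")[2] for k in ("scontext", "tcontext"))
    return src, tgt, fields["tclass"], denied.group(1).split()

def te_rules(text):
    """One allow line per (source, target, class), as in xymon.te above."""
    groups = defaultdict(set)
    for parsed in filter(None, map(parse_denial, split_records(text))):
        groups[parsed[:3]].update(parsed[3])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(groups.items())]
```

Calling `te_rules(SAMPLE)` collapses both records into a single rule, which makes it easy to review what a generated module would grant before loading it with `semodule -i`.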