feffe n00b
Joined: 01 Mar 2019 Posts: 3
Posted: Fri Mar 01, 2019 10:19 pm Post subject: OpenRC and troubleshooting SELinux
Hi,
I'm trying to enforce SELinux on my machines, but I'm having issues troubleshooting denials from init scripts. Currently I'm trying to get puppet to work.
The first issue is that the init-script wants to execute checkpath, but fails:
Code: |
# rc-service puppet start
Authenticating feffe.
puppet | * /var/log/puppetlabs/puppet: creating directory
puppet | * checkpath: mkdir: Permission denied
|
The audit log gives no indication of why it was denied (even when disabling dontaudit using "semodule -DBR"), but in permissive mode it works. I've tried to add the following to a local policy, hoping that one of them would be correct, but no such luck:
Code: |
manage_dirs_pattern(run_init_t, var_log_t, var_log_t)
manage_dirs_pattern(initrc_t, var_log_t, var_log_t)
|
There are more issues after this, but for now I would be happy if anyone can tell me what's going on in OpenRC. Why can't I find the denials for checkpath's failure?
Edit:
Turns out checkpath runs as tmpfiles_t, which explains why the above didn't work. I've created bug #679234 with my findings regarding puppet.