Curious Behavior doing routine redirection of ping output to file...

selinux.funchords at spameater.org selinux.funchords at spameater.org
Wed Dec 21 05:18:40 UTC 2005


I'm not exactly a "newbie," but I'm diving a lot deeper than
I ever have. This one has me a little wrapped around the axle, and
if someone could help clear the fog, I'd appreciate it.

The short version:
I'm trying to redirect the output of ping to a file.   I get a 0
byte file as a result.

Where I am now:
When selinux is permissive, it works as I expect it to.

When this started, I had no idea that selinux was running or even what
it was, exactly (I've been running this system for about two weeks). 
I've learned a lot since then.  But I haven't figured out how to do
anything other than flip bits on existing boolean rules and change
the sestatus mode.  For example, how do I fix the above problem?

Current version: 2.6.14-1.1653_FC4 with selinux in targeted/enforced.

When this began, I posted a message to www.fedoraforum.org
( http://www.fedoraforum.org/forum/showthread.php?t=88238 )
with the title, "BASH: How to redirect ping output to file?"

Later, I found this from /var/log/audit/audit.log ...
type=AVC msg=audit(1134599953.748:32): avc:  denied  { write } for  pid=5503 comm="ping" name="pingoutput2" dev=dm-0 ino=916895 scontext=root:system_r:ping_t tcontext=root:object_r:user_home_t tclass=file
type=SYSCALL msg=audit(1134599953.748:32): arch=40000003 syscall=11 success=yes exit=0 a0=8d64360 a1=8d56400 a2=8d51520 a3=1 items=2 pid=5503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=AVC_PATH msg=audit(1134599953.748:32):  path="/root/pingoutput2"
type=CWD msg=audit(1134599953.748:32):  cwd="/root"
type=PATH msg=audit(1134599953.748:32): item=0 name="/bin/ping" flags=101  inode=5499653 dev=fd:00 mode=0104755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1134599953.748:32): item=1 flags=101  inode=5892482 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00

... and I discovered the commands audit2why and audit2allow, which has
this example in the audit2allow man pages ...

  $ cd /etc/selinux/$(SELINUXTYPE)/src/policy
  $ /usr/bin/audit2allow -i < /var/log/audit/audit.log >> domains/misc/local.te
  <review domains/misc/local.te and customize as desired>
  $ make load

... and that's where my zero-byte stack blows.

I have no src directory under /etc/selinux/targeted, nor do I have
anything at all on my system named domains.  Still, I tried to follow
the advice by mkdir'ing the necessary directories and creating a
local.te file with the recommended "allow ping_t user_home_t:file write;"
line in it. 

Then I typed 'make load' and I really think I actually heard something
laugh at me. 

This is the way I learn best, and this isn't anything more than a
curiosity to me.  But from what I've told you so far, can you point
me into the right direction?

I did search the archive for this list, as well as the FC3 (which
also seemed to point to these directories that I don't have).

Thanks!

Robb Topolski
robb(at)funchords(dot)com
http://www.funchords.com
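
Added illustration, not part of the original post and not audit2allow's own code: a minimal sketch of how the AVC record quoted above maps to the `allow` rule the poster mentions, by extracting the type field of scontext and tcontext, the tclass, and the denied permission. The function names and the second (constructed) denial are assumptions made for the example.

```python
import re
from collections import defaultdict

# AVC record copied from the post, rejoined onto one line.
PAGE_AVC = ('type=AVC msg=audit(1134599953.748:32): avc:  denied  { write } for  '
            'pid=5503 comm="ping" name="pingoutput2" dev=dm-0 ino=916895 '
            'scontext=root:system_r:ping_t tcontext=root:object_r:user_home_t '
            'tclass=file')
# Constructed sample (not from the post): same contexts, different permission.
CONSTRUCTED_AVC = PAGE_AVC.replace('{ write }', '{ append }')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]

def avc_to_rules(log_text):
    """Group AVC denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        # Only type=AVC records carry the decision; AVC_PATH, SYSCALL, CWD
        # and PATH records for the same event are supporting detail.
        if not line.startswith('type=AVC '):
            continue
        m = AVC_RE.search(line)
        if m is None:
            continue
        key = (context_type(m['src']), context_type(m['tgt']), m['cls'])
        grouped[key].update(m['perms'].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {perm_text};')
    return rules

if __name__ == '__main__':
    for rule in avc_to_rules(PAGE_AVC):
        print(rule)
```
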



