fedora-selinux-list Digest, Vol 39, Issue 21

Daniel J Walsh dwalsh at redhat.com
Wed May 23 13:24:34 UTC 2007 

Dineshwar Kumar wrote:
> Hi,
>  
>  
> I am new to the selinux policy can any one tell me what is this. i am 
> using snmp to read the nfs mounted dir "content_directory". than i got 
> this entry in my log.
>  
>  
>  
> 05.22.2007 04:46:53 EDT <kern.notice> 172.25.33.140 
> <http://172.25.33.140> kernel: audit(1179391601.031:1144058): avc:  
> denied   { search } for  pid=19687 comm="snmpd" 
> name="content_directory" dev=0:15 ino=14609954 
> scontext=system_u:system_r:snmpd_t tcontext=root:object_r:nfs_t 
> tclass=dir
>  
>  
>  
This means that SELinux policy will not allow the snmpd daemon to 
search/read nfs file systems.  If you want to allow this permission you 
can add it using

audit2allow -M mysnmpd -i /var/log/audit/audit.log


>  
> on the parent dir the selinux policy is this
>  
>
> [root at INP-AS-11 /]# ls -Z 
> /usr/local/PServer41SP2/server/nodes/momentum/archives/public_html/
> drwxrwxrwx  supportp supportp user_u:object_r:usr_t            admin
> drwxrwxrwx  supportp supportp user_u:object_r:usr_t            cliks
> drwxrwxrwx  root     root                                      
> cliksdmrroot
> -rw-rw-r--  supportp supportp user_u:object_r:usr_t            cliks.tgz
> drwxrwxrwx  supportp supportp user_u:object_r:usr_t            css
> -rwxrwxrwx  supportp supportp user_u:object_r:usr_t            index.jsp
> drwxrwxrwx  supportp supportp user_u:object_r:usr_t            
> pramati_admin_help
> drwxrwxrwx  supportp supportp user_u:object_r:usr_t            WEB-INF
>
>  
>
>
> [root at INP-AS-11 /]# ls -Z 
> /usr/local/PServer41SP2/server/nodes/momentum/archives/public_html/cliksdmrroot/
> drwxrwxrwx  nfsnobod nfsnobod                                  
> content_directory
> drwxrwxrwx  nfsnobod nfsnobod                                  
> dfxmldirectory
> drwxrwxrwx  nfsnobod nfsnobod                                  dmrnormal
> drwxrwxrwx  nfsnobod nfsnobod                                  exportarea
> drwxrwxrwx  nfsnobod nfsnobod                                  
> kmexportarea
> drwxrwxrwx  nfsnobod nfsnobod                                  kmnwpath
> drwxrwxrwx  nfsnobod nfsnobod                                  
> kmtemprepository
> drwxrwxrwx  nfsnobod nfsnobod                                  
> kmxmlrepository
> drwxrwxrwx  nfsnobod nfsnobod                                  
> lmsdirectory
> -rwxrwxrwx  nfsnobod nfsnobod                                  
> log4j.properties
> drwxrwxrwx  nfsnobod nfsnobod                                  
> tedirectory
> drwxrwxrwx  nfsnobod nfsnobod                                  umdirectory
> drwxrwxrwx  nfsnobod nfsnobod                                  WEB-INF
> drwxrwxrwx  nfsnobod nfsnobod                                  
> wsdirectory
>
>  
>  
>  
> With Thanks,
> Dinesh 
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list