SELinux warnings on install

snowguy
Posts: 12
Joined: Wed Jan 07, 2009 11:06 pm

SELinux warnings on install

Postby snowguy » Mon Jul 13, 2009 8:39 am

I presume I can simply ignore the SELinux warnings I'm getting on a fresh install after running the hda-install from the command line?

The warnings I get are:
* SELinux is preventing the iptables from using the potentially mislabeled files (/root/hda-install.log).
* same warning but "restorecon" replaces "iptables"
* same warning but with "nscd"

snowguy
Posts: 12
Joined: Wed Jan 07, 2009 11:06 pm

Re: SELinux warnings on install

Postby snowguy » Mon Jul 13, 2009 8:41 am

Oddly, I do see the line "Disabling SELinux." as part of the output in the terminal window after running hda-install. It may be that these warnings popped up prior to that step. I don't remember.

bsk
Posts: 280
Joined: Sun May 03, 2009 7:18 pm
Location: Tennessee

Re: SELinux warnings on install

Postby bsk » Mon Jul 13, 2009 8:45 am

It was probably before the disable. Amahi disables SELinux during the install process (hda-install) and keeps it off to keep problems from happening with the network and to allow the install process to take place. Having it disabled is no liability; it just helps Amahi and you out lol.

I'm not an expert on SELinux, so if you need any more info on this, someone else more "selinux inclined" will come along to help with those questions.

Trollgaard
Posts: 1
Joined: Thu Mar 18, 2010 12:04 pm

Re: SELinux warnings on install

Postby Trollgaard » Thu Mar 18, 2010 12:07 pm

Yes. First time I try Amahi. Installed on a VM running in KVM through Ubuntu 9.10. I had to go through the troubleshooting and install the ruby and sinatra packages. Then restart Amahi installer as stated. Got the install running after that. But I got a lot of warnings from SELinux. Pasted the output here if anyone is interested. -Troll
------------------------------------------------------------------------------------------------------------------------------

Summary:

SELinux is preventing /sbin/consoletype access to a leaked /root/hda-install.log
file descriptor.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by the consoletype command. It looks like this
is either a leaked descriptor or consoletype output was redirected to a file it
is not allowed to access. Leaks usually can be ignored since SELinux is just
closing the leak and reporting the error. The application does not use the
descriptor, so it will run properly. If this is a redirection, you will not get
output in the /root/hda-install.log. You should generate a bugzilla on
selinux-policy, and it will get routed to the appropriate package. You can
safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-f ... #id2961385)

Additional Information:

Source Context                unconfined_u:system_r:consoletype_t:s0
Target Context                unconfined_u:object_r:admin_home_t:s0
Target Objects                /root/hda-install.log [ file ]
Source                        consoletype
Source Path                   /sbin/consoletype
Port                          <Unknown>
Host                          amahi
Source RPM Packages           initscripts-9.02-1
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-41.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   leaks
Host Name                     amahi
Platform                      Linux amahi 2.6.31.5-127.fc12.x86_64 #1 SMP Sat
                              Nov 7 21:11:14 EST 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Thu 18 Mar 2010 07:56:30 PM CET
Last Seen                     Thu 18 Mar 2010 07:56:30 PM CET
Local ID                      fd11d9cd-ee48-486b-8325-c8e38a618547
Line Numbers

Raw Audit Messages

node=amahi type=AVC msg=audit(1268938590.923:34868): avc: denied { write } for pid=2803 comm="consoletype" path="/root/hda-install.log" dev=dm-0 ino=101128 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=amahi type=AVC msg=audit(1268938590.923:34868): avc: denied { read write } for pid=2803 comm="consoletype" path="socket:[25052]" dev=sockfs ino=25052 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket

node=amahi type=SYSCALL msg=audit(1268938590.923:34868): arch=c000003e syscall=59 success=yes exit=0 a0=1a4ff60 a1=1a4ffc0 a2=1a50050 a3=7fffd2755940 items=0 ppid=2802 pid=2803 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
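
An added example, not part of the original thread and not setroubleshoot's own code: this Python script groups the raw audit records quoted above by event serial and reports AVC denials that share an event with an execve call, which is the point where SELinux checks descriptors a process inherited from its parent. The function names and the execve-based heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# The three raw audit records from the post above, copied verbatim.
SAMPLE = '''\
node=amahi type=AVC msg=audit(1268938590.923:34868): avc: denied { write } for pid=2803 comm="consoletype" path="/root/hda-install.log" dev=dm-0 ino=101128 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
node=amahi type=AVC msg=audit(1268938590.923:34868): avc: denied { read write } for pid=2803 comm="consoletype" path="socket:[25052]" dev=sockfs ino=25052 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
node=amahi type=SYSCALL msg=audit(1268938590.923:34868): arch=c000003e syscall=59 success=yes exit=0 a0=1a4ff60 a1=1a4ffc0 a2=1a50050 a3=7fffd2755940 items=0 ppid=2802 pid=2803 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXECVE_X86_64 = ("c000003e", "59")  # (arch, syscall) pair for execve on x86_64


def parse_events(text):
    """Group audit records by event serial number (the part after the colon)."""
    events = defaultdict(lambda: {"avc": [], "syscall": None})
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, _timestamp, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            p = PERMS.search(line)
            fields["perms"] = p.group(1).split() if p else []
            events[serial]["avc"].append(fields)
        elif rtype == "SYSCALL":
            events[serial]["syscall"] = fields
    return dict(events)


def inherited_fd_denials(events):
    """Return file/socket AVC denials logged in the same event as an execve."""
    hits = []
    for serial, ev in events.items():
        sc = ev["syscall"] or {}
        if (sc.get("arch"), sc.get("syscall")) != EXECVE_X86_64:
            continue
        for avc in ev["avc"]:
            if avc.get("tclass", "").endswith(("file", "socket")) and "path" in avc:
                hits.append((serial, avc["comm"], avc["path"], avc["perms"],
                             avc["scontext"].split(":")[2], avc["tcontext"].split(":")[2]))
    return hits
```

Each returned tuple is (event serial, command, path, permissions, source type, target type), which is enough to see which parent-opened object reached which confined domain.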
