semanage is prevented from writing to user_tmp_t file

Hello,

I have an Enterprise Linux 6 machine, managed by Puppet, enforcing the target policy, for which Puppet manages a bunch of contexts and policies, but the following message occurs when it attempts to do so:

type=AVC msg=audit(1330511088.080:1757): avc: denied { write } for pid=9222 comm="semanage" path="/tmp/puppet20120229-8297-bjmcbp-0" dev=dm-0 ino=1572875 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

The following is a reference to what Puppet is trying to do:

http://git.puppetmanaged.org/?p=mail;a=blob;f=manifests/init.pp;h=2b25c58d1ee68c9391344e8ebebe5493a2bbeb11;hb=fc1a6a3814e01d6b521472b26fce6f35273c1e49#l98

In short, I'm installing custom built mailman packages so that I can have devel@project1 alongside devel@project2 mailing lists by installing dedicated mailman instances for project1 and project2. The Puppet module I'm referring to attempts to apply the necessary SELinux contexts to the files deployed with each RPM package.

I'm wondering what is causing the denial (or, why semanage needs something in /tmp/ with the name of puppet in it) as well as what to do about it - it doesn't seem to be blocking Puppet from achieving the goal of adding new file_contexts for these custom packages.

Kind regards,

Jeroen van Meeuwen

--
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


