selinux question

Ed Greshko ed.greshko at greshko.com
Wed Oct 28 23:29:31 UTC 2015



On 10/29/2015 06:56 AM, Paolo Galtieri wrote:
> On the system that fails
>
> /bin/ls -ldZ /var/log/snort
> lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 44 Oct 24
> 17:29 /var/log/snort -> /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
>
> /bin/ls -ldZ /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
> drwxr-xr-x. 2 snort snort unconfined_u:object_r:unlabeled_t:s0 4096
> Oct 28 15:31 /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
>
> Note that on the failing system the selinux context shows the
> directory has unlabeled_t context while on the working system it's
> colord_var_lib_t.  I set this at some point (I think), but I forget
> how I did it :-(
>
> I have also set up user snort so that I can log in to the account and I
> get
>
> su - snort
> Password:
> su: warning: cannot change directory to /var/log/snort: Permission denied
> -bash: /var/log/snort/.bash_profile: Permission denied
>
> I can write to the directory if I do
>
> sudo touch /var/log/snort/testfile
>
> So what do I need to do to fix this so I can get snort to write to
> its log directory?
>
> Any assistance is appreciated. 

Are you getting AVC records in /var/log/audit/audit.log?

Have you run "sealert -b"?

-- 
In reality, some people should stick to running Windows and others
should stay away from computers altogether.

