SELinux and stunnel
W. Michael Petullo
mike at flyn.org
Tue Jul 20 01:49:36 UTC 2004
I am using stunnel to create an encrypted tunnel for SMTP connections to
my ISP. I have configured xinetd to execute stunnel appropriately when a
connection is made to localhost:465. This has stopped working when using
recent strict policies. I now see the following errors in my system logs:
Jul 19 20:42:16 imp kernel: audit(1090287736.954:0): avc: denied { execute } for pid=6363 exe=/usr/sbin/xinetd name=stunnel dev=dm-0 ino=48915 scontext=root:system_r:inetd_t tcontext=system_u:object_r:sbin_t tclass=file
Jul 19 20:42:16 imp kernel: audit(1090287736.954:0): avc: denied { execute_no_trans } for pid=6363 exe=/usr/sbin/xinetd path=/usr/sbin/stunnel dev=dm-0 ino=48915 scontext=root:system_r:inetd_t tcontext=system_u:object_r:sbin_t tclass=file
Jul 19 20:42:16 imp kernel: audit(1090287736.956:0): avc: denied { read } for pid=6363 exe=/usr/sbin/xinetd path=/usr/sbin/stunnel dev=dm-0 ino=48915 scontext=root:system_r:inetd_t tcontext=system_u:object_r:sbin_t tclass=file
Jul 19 20:42:17 imp kernel: audit(1090287737.391:0): avc: denied { getattr } for pid=6363 exe=/usr/sbin/stunnel path=/dev/urandom dev=dm-0 ino=272235 scontext=root:system_r:inetd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Jul 19 20:42:17 imp kernel: audit(1090287737.395:0): avc: denied { read } for pid=6363 exe=/usr/sbin/stunnel name=urandom dev=dm-0 ino=272235 scontext=root:system_r:inetd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Jul 19 20:42:17 imp kernel: audit(1090287737.395:0): avc: denied { ioctl } for pid=6363 exe=/usr/sbin/stunnel path=/dev/urandom dev=dm-0 ino=272235 scontext=root:system_r:inetd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
I am using:
selinux-policy-strict-sources-1.15.5-2
selinux-policy-strict-1.15.5-2
policycoreutils-1.15.1-1
checkpolicy-1.14.1-1
libselinux-devel-1.15.1-1
libselinux-1.15.1-1
Should I put this in bugzilla?
--
Mike
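Added example (not part of the original post): a small Python script that parses the AVC denial records quoted above, merges them by source type, target type and object class, and prints the candidate allow rules they imply, much as audit2allow would. The sample log is constructed from the records in the post; the execute_no_trans hit shows xinetd running /usr/sbin/stunnel without a domain transition, so the candidate rules are a starting point for review rather than a policy to apply as-is.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC records from the post, each rejoined onto one line.
AVC_LOG = """\
Jul 19 20:42:16 imp kernel: audit(1090287736.954:0): avc: denied { execute } for pid=6363 exe=/usr/sbin/xinetd name=stunnel dev=dm-0 ino=48915 scontext=root:system_r:inetd_t tcontext=system_u:object_r:sbin_t tclass=file
Jul 19 20:42:16 imp kernel: audit(1090287736.954:0): avc: denied { execute_no_trans } for pid=6363 exe=/usr/sbin/xinetd path=/usr/sbin/stunnel dev=dm-0 ino=48915 scontext=root:system_r:inetd_t tcontext=system_u:object_r:sbin_t tclass=file
Jul 19 20:42:16 imp kernel: audit(1090287736.956:0): avc: denied { read } for pid=6363 exe=/usr/sbin/xinetd path=/usr/sbin/stunnel dev=dm-0 ino=48915 scontext=root:system_r:inetd_t tcontext=system_u:object_r:sbin_t tclass=file
Jul 19 20:42:17 imp kernel: audit(1090287737.391:0): avc: denied { getattr } for pid=6363 exe=/usr/sbin/stunnel path=/dev/urandom dev=dm-0 ino=272235 scontext=root:system_r:inetd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Jul 19 20:42:17 imp kernel: audit(1090287737.395:0): avc: denied { read } for pid=6363 exe=/usr/sbin/stunnel name=urandom dev=dm-0 ino=272235 scontext=root:system_r:inetd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Jul 19 20:42:17 imp kernel: audit(1090287737.395:0): avc: denied { ioctl } for pid=6363 exe=/usr/sbin/stunnel path=/dev/urandom dev=dm-0 ino=272235 scontext=root:system_r:inetd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
"""

# Pull the permission set, source/target contexts and object class out of one record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def parse_avc(text):
    """Yield (source_type, target_type, tclass, [perms]) for each denial line."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC record; ignore
        stype = m.group("scontext").split(":")[2]  # user:role:type -> type
        ttype = m.group("tcontext").split(":")[2]
        yield stype, ttype, m.group("tclass"), m.group("perms").split()

def summarize(text):
    """Merge denials into one (stype, ttype, tclass) -> sorted perms dict."""
    merged = defaultdict(set)
    for stype, ttype, tclass, perms in parse_avc(text):
        merged[(stype, ttype, tclass)].update(perms)
    return {k: sorted(v) for k, v in merged.items()}

def candidate_rules(text):
    """Render audit2allow-style candidate allow rules; review before using.
    An execute_no_trans permission means the caller ran the binary in its own
    domain, so a dedicated domain with a transition is usually the better fix."""
    rules = []
    for (stype, ttype, tclass), perms in sorted(summarize(text).items()):
        rules.append("allow %s %s:%s { %s };" % (stype, ttype, tclass, " ".join(perms)))
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(AVC_LOG):
        print(rule)
```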