problem with likewise and audit messages

Maria Iano maria at iano.org
Tue May 31 15:17:48 UTC 2011 

We use targeted SELinux  and Likewise Open on our RHEL 5 and CentOS 5  
servers, even though Likewise is currently not supported with SELinux  
in enforcing mode. Both of them together have been working reliably  
for us so far. The audit logs fill up with AVC messages like the ones  
I have pasted at the end of this message, which are all regarding /var/ 
lib/likewise/.lsassd and don't appear to matter from a functional  
point of view for the system. I have configured setroubleshoot to send  
emails to an internal mailing list when something is blocked, because  
apart from the likewise events anything else is really urgent. The  
problem is that the list receives so many messages about /var/lib/ 
likewise/.lsassd that the urgent ones get "lost". I have asked the  
folks at Likewise about this and their answer is always that SELinux  
should be permissive or disabled.

Is there some way  to prevent auditd from logging these AVC messages?

type=AVC msg=audit(1306183684.644:121931): avc:  denied  { connectto }  
for  pid=31266 comm="vsftpd" path="/var/lib/likewise/.lsassd"  
scontext=system_u:system_r:ftpd_t:s0  
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket

type=AVC msg=audit(1306185430.740:122001): avc:  denied  { write }  
for  pid=378 comm="pickup" name=".lsassd" dev=dm-1 ino=426071  
scontext=system_u:system_r:postfix_pickup_t:s0  
tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

type=AVC msg=audit(1306179615.139:121656): avc:  denied  { connectto }  
for  pid=22431 comm="httpd" path="/var/lib/likewise/.lsassd"  
scontext=user_u:system_r:httpd_t:s0  
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket

type=USER_AUTH msg=audit(1306265986.269:124088): user pid=25822 uid=0  
auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023  
msg='PAM: authentication acct="layout" : exe="/usr/sbin/ 
sshd" (hostname=asb-sys61.us.ad.gannett.com, addr=10.0.65.242,  
terminal=ssh res=failed)'

type=AVC msg=audit(1306853338.309:51215): avc:  denied  { write } for   
pid=5472 comm="genhomedircon" name=".lsassd" dev=dm-4 ino=32827  
scontext=user_u:system_r:semanage_t:s0  
tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

type=AVC msg=audit(1306853338.309:51215): avc:  denied  { connectto }  
for  pid=5472 comm="genhomedircon" path="/var/lib/likewise/.lsassd"  
scontext=user_u:system_r:semanage_t:s0  
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket

Thanks,
Maria

More information about the selinux mailing list