problem with likewise and audit messages
Maria Iano
maria at iano.org
Tue May 31 15:17:48 UTC 2011
We use targeted SELinux and Likewise Open on our RHEL 5 and CentOS 5
servers, even though Likewise is currently not supported with SELinux
in enforcing mode. Both of them together have been working reliably
for us so far. The audit logs fill up with AVC messages like the ones
I have pasted at the end of this message, which are all regarding /var/
lib/likewise/.lsassd and don't appear to matter from a functional
point of view for the system. I have configured setroubleshoot to send
emails to an internal mailing list when something is blocked, because
apart from the likewise events anything else is really urgent. The
problem is that the list receives so many messages about /var/lib/
likewise/.lsassd that the urgent ones get "lost". I have asked the
folks at Likewise about this and their answer is always that SELinux
should be permissive or disabled.
Is there some way to prevent auditd from logging these AVC messages?
type=AVC msg=audit(1306183684.644:121931): avc: denied { connectto }
for pid=31266 comm="vsftpd" path="/var/lib/likewise/.lsassd"
scontext=system_u:system_r:ftpd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1306185430.740:122001): avc: denied { write }
for pid=378 comm="pickup" name=".lsassd" dev=dm-1 ino=426071
scontext=system_u:system_r:postfix_pickup_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
type=AVC msg=audit(1306179615.139:121656): avc: denied { connectto }
for pid=22431 comm="httpd" path="/var/lib/likewise/.lsassd"
scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=USER_AUTH msg=audit(1306265986.269:124088): user pid=25822 uid=0
auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023
msg='PAM: authentication acct="layout" : exe="/usr/sbin/
sshd" (hostname=asb-sys61.us.ad.gannett.com, addr=10.0.65.242,
terminal=ssh res=failed)'
type=AVC msg=audit(1306853338.309:51215): avc: denied { write } for
pid=5472 comm="genhomedircon" name=".lsassd" dev=dm-4 ino=32827
scontext=user_u:system_r:semanage_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
type=AVC msg=audit(1306853338.309:51215): avc: denied { connectto }
for pid=5472 comm="genhomedircon" path="/var/lib/likewise/.lsassd"
scontext=user_u:system_r:semanage_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
Thanks,
Maria
More information about the selinux
mailing list