[PLUG] selinux and permissions

Dan Young danielmyoung at gmail.com
Wed May 30 20:03:50 UTC 2007


On 5/30/07, Paul Heinlein <heinlein at madboa.com> wrote:
> On Tue, 29 May 2007, Keith Lofstrom wrote:
>
> > Any selinux experts here?
>
> Practitioner, maybe. Expert, hah!
>
> > I am working with a Red Hat Enterprise Linux 5 clone, which comes
> > with selinux set to "enforced" mode by default.  I installed liblzo2
> > to work with openvpn.  When I ran it (as root), I got an error
> > message (linewraps added by me):
> >
> > Starting openvpn: /usr/sbin/openvpn: error while loading shared \
> > libraries: liblzo2.so.2: cannot enable executable stack as shared \
> > object requires: Permission denied
>
> Right. Dan's suggestion to grep for avc in /var/log/messages won't
> work in RHEL 5 and clones. You'll need to find the right bits in
> /var/log/audit/audit.log, but before you do that...

So auditing is on in RHEL5 by default?

The docs disagree:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-analystcontrol.html

Though looking now, I see auditd running on a CentOS 5 box and avc
messages going to audit.log. Looks like the afore-linked docs are
wrong...

-- 
Dan
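
The log-location point discussed in this message, as an added example that is not part of the original post: a shell sketch that picks the file holding AVC records (audit.log when auditd is writing it, otherwise the syslog file the kernel's "avc: denied" lines fall back to) and summarises the denials. The function names, the non-empty-file heuristic and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Log lines below are constructed samples, not from the thread.

# Pick the file that holds AVC records: audit.log when auditd is writing it
# (assumed heuristic: file exists and is non-empty), otherwise the syslog file.
avc_log_path() {
    audit_log=${1:-/var/log/audit/audit.log}
    syslog=${2:-/var/log/messages}
    if [ -s "$audit_log" ]; then echo "$audit_log"; else echo "$syslog"; fi
}

# Print "count comm perms tclass" for each distinct denial in log file $1.
avc_summary() {
    awk '
    /avc:[ ]+denied/ {
        perm = "?"; comm = "?"; tclass = "?"
        if (match($0, /[{][^}]*[}]/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perm); gsub(/ +/, ",", perm)
        }
        if (match($0, /comm="[^"]*"/))
            comm = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, /tclass=[^ ]+/))
            tclass = substr($0, RSTART + 7, RLENGTH - 7)
        seen[comm " " perm " " tclass]++
    }
    END { for (k in seen) print seen[k], k }' "$1" | sort
}

# Constructed sample records in both formats (auditd and kernel-via-syslog).
write_samples() {
    cat > "$1/audit.log" <<'EOF'
type=AVC msg=audit(1180555430.101:52): avc:  denied  { execstack } for  pid=2731 comm="openvpn" scontext=root:system_r:openvpn_t:s0 tcontext=root:system_r:openvpn_t:s0 tclass=process
type=SYSCALL msg=audit(1180555430.101:52): arch=40000003 syscall=125 success=no exit=-13 comm="openvpn" exe="/usr/sbin/openvpn"
type=AVC msg=audit(1180555491.774:57): avc:  denied  { execstack } for  pid=2802 comm="openvpn" scontext=root:system_r:openvpn_t:s0 tcontext=root:system_r:openvpn_t:s0 tclass=process
EOF
    cat > "$1/messages" <<'EOF'
May 30 13:03:50 host kernel: audit(1180555430.101:52): avc:  denied  { execstack } for  pid=2731 comm="openvpn" scontext=root:system_r:openvpn_t:s0 tcontext=root:system_r:openvpn_t:s0 tclass=process
May 30 13:03:51 host openvpn: startup failed
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
avc_summary "$(avc_log_path "$demo_dir/audit.log" "$demo_dir/messages")"
rm -rf "$demo_dir"
```

On a real host, call `avc_summary "$(avc_log_path)"` as root, since audit.log is normally readable only by root.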