[PLUG] selinux and permissions

Eric Harrison eharrison at mail.mesd.k12.or.us
Wed May 30 20:32:51 UTC 2007


Dan Young wrote:
> On 5/30/07, Paul Heinlein <heinlein at madboa.com> wrote:
>> On Tue, 29 May 2007, Keith Lofstrom wrote:
>>
>> > Any selinux experts here?
>>
>> Practitioner, maybe. Expert, hah!
>>
>> > I am working with a Red Hat Enterprise Linux 5 clone, which comes
>> > with selinux set to "enforced" mode by default.  I installed liblzo2
>> > to work with openvpn.  When I ran it (as root), I got an error
>> > message (linewraps added by me):
>> >
>> > Starting openvpn: /usr/sbin/openvpn: error while loading shared \
>> > libraries: liblzo2.so.2: cannot enable executable stack as shared \
>> > object requires: Permission denied
>>
>> Right. Dan's suggestion to grep for avc in /var/log/messages won't
>> work in RHEL 5 and clones. You'll need to find the right bits in
>> /var/log/audit/audit.log, but before you do that...
> 
> So auditing is on in RHEL5 by default?
> 
> The docs disagree:
> http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-analystcontrol.html
> 
> 
> Though looking now, I see auditd running on a CentOS 5 box and avc
> messages going to audit.log. Looks like the afore-linked docs are
> wrong...
> 

I am pretty sure the docs are correct; I believe I manually turned on
auditd (assuming you are looking at one of our EL5 boxes...)

-Eric


