Gentoo Forums
keepalived and enforcing selinux
copapa
n00b
Joined: 14 Nov 2014
Posts: 7

Posted: Wed Dec 17, 2014 5:37 pm    Post subject: keepalived and enforcing selinux

Hi everyone.

I'm trying to install keepalived on my boxes but it doesn't seem to ship with a selinux policy.

Code:
# ls -Z /etc/init.d/keepalived
system_u:object_r:initrc_exec_t /etc/init.d/keepalived
# ls -Z /usr/sbin/keepalived
root:object_r:bin_t /usr/sbin/keepalived



When run in enforcing mode I get this kind of log:
Code:
Dec 17 18:20:51 assystem Keepalived_vrrp[2530]: Netlink: sendmsg() error: Permission denied
Dec 17 18:20:51 assystem Keepalived_vrrp[2530]: Error sending gratuitous ARP on enp2s0 for 192.168.1.200
Dec 17 18:20:51 assystem Keepalived_vrrp[2530]: Error sending gratuitous ARP on enp2s0 for 192.168.1.200
Dec 17 18:20:51 assystem Keepalived_vrrp[2530]: Error sending gratuitous ARP on enp2s0 for 192.168.1.200
Dec 17 18:20:51 assystem Keepalived_vrrp[2530]: Error sending gratuitous ARP on enp2s0 for 192.168.1.200


When running in Permissive mode audit2allow gives me this:
Code:
# grep keepalive /var/log/audit/audit.log | audit2allow


#============= initrc_t ==============
allow initrc_t self:netlink_route_socket nlmsg_write;
allow initrc_t self:netlink_socket { write getattr setopt read bind create };
allow initrc_t self:packet_socket { write create };
allow initrc_t self:rawip_socket { write create setopt };


But I don't think I should allow every init script to do that. What would be the procedure to create a policy for one init script (and its binary)? I tried to change the type of the init script to give it only the permissions, but now it appears with "system_u:object_r:unlabeled_t" as a context in the logs.
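
One way to scope the audit2allow rules above to keepalived alone is a local module that gives the daemon its own domain; this is an added example, not part of the original post or of Gentoo's policy. It assumes the reference-policy development headers are installed, and the names keepalived_local, keepalived_t and keepalived_exec_t are hypothetical.

```te
# keepalived_local.te: added example; module and type names are hypothetical.
policy_module(keepalived_local, 1.0.0)

# A dedicated process domain and a type for the daemon binary.
type keepalived_t;
type keepalived_exec_t;

# Reference-policy interface: marks keepalived_t as a daemon domain and makes
# init scripts (initrc_t) transition to it when they execute keepalived_exec_t.
# The init script itself can keep its existing initrc_exec_t label.
init_daemon_domain(keepalived_t, keepalived_exec_t)

# The four rules audit2allow printed in the post, with the source changed
# from initrc_t to keepalived_t so that other init scripts gain nothing.
allow keepalived_t self:netlink_route_socket nlmsg_write;
allow keepalived_t self:netlink_socket { write getattr setopt read bind create };
allow keepalived_t self:packet_socket { write create };
allow keepalived_t self:rawip_socket { write create setopt };

# audit2allow only lists what initrc_t was missing. A new domain starts with
# none of what initrc_t already held (for example the remaining
# netlink_route_socket permissions), so keep this one domain permissive while
# collecting its denials, and remove this line once the audit log is quiet.
permissive keepalived_t;

# keepalived_local.fc (separate file) labels the binary with the new type:
#   /usr/sbin/keepalived  --  gen_context(system_u:object_r:keepalived_exec_t,s0)
```

Build the module with the reference-policy development Makefile, load it with `semodule -i`, then run `restorecon /usr/sbin/keepalived`. Load the module before relabeling, because a file context that names a type the loaded policy does not define is treated as unlabeled_t.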
All times are GMT