Re: OpenAFS and SELinux

2012-07-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/11/2012 10:46 AM, suvayu ali wrote: > On Wed, Jul 11, 2012 at 4:39 PM, Daniel J Walsh wrote: >> >> On 07/06/2012 05:34 AM, suvayu ali wrote: >>> Hi Daniel, >>> >>> On Thu, Jul 5, 2012 at 12:27 PM, Daniel J Walsh >>> wrote: After turning

Re: OpenAFS and SELinux

2012-07-11 Thread suvayu ali
On Wed, Jul 11, 2012 at 4:39 PM, Daniel J Walsh wrote: > > On 07/06/2012 05:34 AM, suvayu ali wrote: >> Hi Daniel, >> >> On Thu, Jul 5, 2012 at 12:27 PM, Daniel J Walsh wrote: >>> After turning on full auditing can you try it again and get the full >>> AVC, including the PATH record. >> >> On a f

Re: OpenAFS and SELinux

2012-07-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/06/2012 05:34 AM, suvayu ali wrote: > Hi Daniel, > > On Thu, Jul 5, 2012 at 12:27 PM, Daniel J Walsh wrote: >> After turning on full auditing can you try it again and get the full >> AVC, including the PATH record. > > On a freshly booted syst

Re: OpenAFS and SELinux

2012-07-06 Thread suvayu ali
Hi Daniel, On Thu, Jul 5, 2012 at 12:27 PM, Daniel J Walsh wrote: > After turning on full auditing can you try it again and get the full AVC, > including the PATH record. On a freshly booted system, I turned on full auditing like this: # auditctl -w /etc/shadow -p w Then I started openafs li

Re: OpenAFS and SELinux

2012-07-05 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/04/2012 02:56 PM, suvayu ali wrote: > Hi Dave, > > On Wed, Jul 4, 2012 at 7:36 PM, David Quigley > wrote: >> On 07/04/2012 11:28, suvayu ali wrote: >>> >>> Hi, >>> >>> Every time I start openafs with "systemctl start openafs.service", I >>> g

Re: OpenAFS and SELinux

2012-07-04 Thread suvayu ali
Hi Dave, On Wed, Jul 4, 2012 at 7:36 PM, David Quigley wrote: > On 07/04/2012 11:28, suvayu ali wrote: >> >> Hi, >> >> Every time I start openafs with "systemctl start openafs.service", I get >> the following SELinux AVC denial. >> >> SELinux is preventing /usr/sbin/afsd from using the dac_over

Re: OpenAFS and SELinux

2012-07-04 Thread David Quigley
On 07/04/2012 11:28, suvayu ali wrote: Hi, Every time I start openafs with "systemctl start openafs.service", I get the following SELinux AVC denial. SELinux is preventing /usr/sbin/afsd from using the dac_override capability. # systemctl status openafs.service openafs.service - LSB:

OpenAFS and SELinux

2012-07-04 Thread suvayu ali
Hi, Every time I start openafs with "systemctl start openafs.service", I get the following SELinux AVC denial. SELinux is preventing /usr/sbin/afsd from using the dac_override capability. # systemctl status openafs.service openafs.service - LSB: start and stop OpenAFS Loaded: