hpasm + RHEL4 with SELinux produces audit errors

Matthew Braithwaite_1 · ‎03-01-2005

I'm trying to get RHEL4 ready to Kickstart, and I find that in a pretty vanilla installation, I still get some SELinux errors. Specifically, what I'm doing is:

rpm -Uvh net-snmp*
export CMAFDTNSILENT=yes
export CMAAGENTEXCLUDESTR="cmawebd cmaperfd cmascsid"
export CMALOCALHOSTROCOMMSTR=public
export CMASILENT=yes
rpm -Uvh hpasm-7.2.1-313.i386.rpm

The hpasm installation says that it's messing with SELinux, but apparently it's missing something, because while it's installing, I get these errors on the console:

audit(1109697409.099:0): avc: denied { search } for pid=25293 exe=/usr/sbin/snmpd scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_dev_t tclass=dir

ProLiant System Health Monitor loading
audit(1109697413.919:0): avc: denied { read write } for pid=26242 exe=/usr/sbin/snmpd path=socket:[151024] dev=sockfs ino=151024 scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=unix_stream_socket

audit(1109697414.196:0): avc: denied { search } for pid=26264 exe=/usr/sbin/snmpd scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_dev_t tclass=dir

I tried looking for mention of SELinux in the docs, but this didn't turn anything up:

rpm -ql hpasm|xargs fgrep -il selinux

Matthew Braithwaite_1 · ‎03-01-2005

There's also an error specific to cmanic. This one, though, I can figure out:

audit(1109699409.193:0): avc: denied { search } for pid=30216 exe=/sbin/syslogd name=spool dev=cciss/c0d0p2 ino=4276259 scontext=root:system_r:syslogd_t tcontext=system_u:object_r:var_spool_t tclass=dir

syslogd: /var/spool/compaq/nic/messages_fifo: Permission denied

This comes from the change that cmanic-7.2.1-5 makes to /etc/syslog.conf.

Robert_397 · ‎03-23-2005

Simply disable SELinux or set it only to warning. SELinux enforced shouldn't be used for external binary stuff.

Matthew Braithwaite_1 · ‎03-24-2005

But I don't want to disable SELinux. I think it's a good idea.

Besides which, RHEL 4 turns it on by default, so I think Compaq's management software needs to have a better solution than "turn it off".

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

hpasm + RHEL4 with SELinux produces audit errors

hpasm + RHEL4 with SELinux produces audit errors

Re: hpasm + RHEL4 with SELinux produces audit errors

Re: hpasm + RHEL4 with SELinux produces audit errors

Re: hpasm + RHEL4 with SELinux produces audit errors