«

SElinux and Proliant Support Pack (PSP) on RHEL or Centos 5

I’ve been getting these annoying messages in the audit log, /var/log/audit/audit.log after installing the Proliant Support Pack on RHEL5.

type=AVC msg=audit(1262639482.789:2027381): avc:  denied  { read write } for  pid=18916 comm=”ethtool” path=”/dev/hpilo/d0ccb5″ dev=tmpfs ino=6784 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1262639482.789:2027381): avc:  denied  { read write } for  pid=18916 comm=”ethtool” path=”socket:[22602]” dev=sockfs ino=22602 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=netlink_route_socket

I don’t know what this is but I DON’T want to allow it and I don’t want to see this in the audit log anymore

First off 3 terms:

So basicly what I did to get rid of these messages is that I wrote a new module called pspignore to ignore, without allowing them. Here’s what I did:

Make a local directory for my modules

mkdir -p /etc/selinux/local

cd /etc/selinux/local

Download my custom module which include “dontaudit” for these conditions.

wget http://tommi.org/static/ignorepsp.te

Build the module and install it

checkmodule -M -m -o ignorepsp.mod ignorepsp.te

semodule_package -o ignorepsp.pp -m ignorepsp.mod

semodule -i ignorepsp.pp

That should be it. The main thing can be found at the bottom of ignorepsp.te:

dontaudit ifconfig_t device_t:chr_file { read write };
dontaudit ifconfig_t initrc_t:netlink_route_socket { read write };

Hope this is helpfull.

  • Share/Bookmark

Tags: , , , , , , , ,

This entry was posted on Monday, January 4th, 2010 at 8:01 pm and is filed under Open Source. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “SElinux and Proliant Support Pack (PSP) on RHEL or Centos 5”

  1. Chris Says:
    March 4th, 2010 at 5:45 pm

    Thanks Tommi, this IS appreciated!

Leave a Reply