Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SELinux Security Context-External Drive
Operating Systems Linux Red Hat SELinux Security Context-External Drive Post 302705861 by admin_xor on Tuesday 25th of September 2012 03:54:11 PM
Old 09-25-2012
As the install fails even when SELinux is set to permissive mode, it does not seem to be a problem (one word of advice though: SELinux may cause significant performance hit on production systems, it's still not a complete product). But still, I suggest that you have a look at /var/log/audit/audit.log for possible AVC denials during that installation. The below command will show you the AVC denials for the day:
Code:
ausearch -m avc -ts today

The below command will show you the step you need to take to prevent the AVC denial:
Code:
sealert –a /var/log/audit/audit.log   # requires setroubleshoot-server to be installed

However, I would still look at the permissions. You said the installation failed, but with what error message? Can you post "ls -l" for the executable file? I see setuid bit is enabled, but is it an ELF binary file or a script one? Remember, setuid does not work on script files on modern systems. What file system does the external drive have?

Please post the required information and I might be able to help you out.

A poor man's SAN? I assume you actually meant a NAS considering the context. You can easily build up a Linux box as a NAS with NFS or SAMBA. There are lots of guides on this around the net. If you come across any issue or have a doubt, just drop in here. If you are not that comfortable with SELinux, just disable it by editing /etc/sysconfig/selinux and rebooting the machine. You may also disable the firewall (not recommended though, it's really easy to work with iptables, take a day to learn it and it's awesome).
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

listing directories of an external hard drive

How do I do it? I have a mac and a pc and am having a time cd-ing to the external drive. (2 Replies)
Discussion started by: theGooch
2 Replies

2. UNIX for Dummies Questions & Answers

External SCSI hard drive

Someone gave me a small external SCSI hard drive for my SunOS 5.8 test system. How do I make Unix see the hard drive? (2 Replies)
Discussion started by: FredSmith
2 Replies

3. AIX

external DDS4 Tape Drive

Hi folks, I've got a little problem concerning my external dds4 tape drive. I've got 2 rs6000 systems, one has a external dds4 tape drive attached, I want to attach the tape drive to the other rs6000 system so that i can restore data from the 1st rs6000 on to the second. Does anybody has... (3 Replies)
Discussion started by: Erik Rooijmans
3 Replies

4. Filesystems, Disks and Memory

Partitioning External Drive

I am about to set up another triple boot drive, but this one is connected to my MacBook with a USB adapter. I want to be sure that I do not overwrite data on my laptop's internal drive. This is the command I used for the internal drive, which was found in an Ubuntu forum, but the sizes were changed... (0 Replies)
Discussion started by: MacInAction
0 Replies

5. Debian

Unable to mount external drive

Trying to mount an external 160GB Toshiba drive but.... this is my dmesg tail output: usb 2-2: new high speed USB device using ehci_hcd and address 3 usb 2-2: New USB device found, idVendor=13fd, idProduct=1618 usb 2-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0 usb 2-2:... (4 Replies)
Discussion started by: Ridson
4 Replies

6. OS X (Apple)

Need some help with lost data on external drive

Hi all, I would really appreciate some assistance with some lost data on external drive. The external is a Seagate Goflex 3TB drive, Desktop hard drive | External Desktop hard drives | FreeAgent | GoFlex Desk | Seagate The purpose of the drive is to do time machine backups to it from my mac.... (7 Replies)
Discussion started by: brianjb
7 Replies

7. Red Hat

Usb external drive

Hi Guys I am using RHEL5 O/S. We have mounted the usb external hard drive to the server as root. I want the user oracle to be able to write into this external hard drive. How do i do that ? Please Help!!! (1 Reply)
Discussion started by: Phuti
1 Replies

8. UNIX for Advanced & Expert Users

External hard drive

I have connected an external hard drive. I can't find it. Both ls /media, fdisk -l and ls /dev show nothing. TIA (3 Replies)
Discussion started by: Meow613
3 Replies

9. UNIX for Beginners Questions & Answers

How to Install UNIX on an External Drive?

Hello, I'm running Windows 10, but I wish to install UNIX on an external drive and not my internal drive. Also, I'm not quite sure what UNIX to install? I also want to install the GNAT compiler so that I can also practice Ada programming. I will appreciate all help, CMN (2 Replies)
Discussion started by: CMN
2 Replies

LEARN ABOUT CENTOS

avc_reset

avc_open(3)						     SELinux API documentation						       avc_open(3)

NAME

       avc_open, avc_destroy, avc_reset, avc_cleanup - userspace SELinux AVC setup and teardown

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_open(struct selinux_opt *options, unsigned nopt);

       void avc_destroy(void);

       int avc_reset(void);

       void avc_cleanup(void);

DESCRIPTION

       avc_open() initializes the userspace AVC and must be called before any other AVC operation can be performed.

       avc_destroy() destroys the userspace AVC, freeing all internal memory structures.  After this call has been made, avc_open() must be called
       again before any AVC operations can be performed.

       avc_reset() flushes the userspace AVC, causing it to forget any cached access decisions.  The userspace AVC normally  calls  this  function
       automatically when needed, see NETLINK NOTIFICATION below.

       avc_cleanup() attempts to free unused memory within the userspace AVC, but does not flush any cached access decisions.  Under normal opera-
       tion, calling this function should not be necessary.

OPTIONS

       The userspace AVC obeys callbacks set via selinux_set_callback(3), in particular the logging and audit callbacks.

       The options which may be passed to avc_open() include the following:

       AVC_OPT_SETENFORCE
	      This option forces the userspace AVC into enforcing mode if the option value is non-NULL; permissive  mode  otherwise.   The  system
	      enforcing mode will be ignored.

NETLINK NOTIFICATION

       Beginning  with	version  2.6.4, the Linux kernel supports SELinux status change notification via netlink.  Two message types are currently
       implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively.  The userspace AVC listens  for
       these messages and takes the appropriate action, modifying the behavior of avc_has_perm(3) to reflect the current enforcing mode and flush-
       ing the cache on receipt of a policy load notification.	Audit messages are produced when netlink notifications are processed.

RETURN VALUE

       Functions with a return value return zero on success.  On error, -1 is returned and errno is set appropriately.

AUTHOR

       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO

       selinux(8),  avc_has_perm(3),  avc_context_to_sid(3),  avc_cache_stats(3),  avc_add_callback(3),   selinux_set_callback(3),   security_com-
       pute_av(3)

								    12 Jun 2008 						       avc_open(3)
All times are GMT -4. The time now is 03:12 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy