[lldp-devel] SELinux Issues with lldpad and lldptool

Charles Miller cdmiller at msu.edu
Wed Nov 30 19:17:32 UTC 2016


Hello,

I have an issue with SELinux blocking calls using lldpad and lldptool
and I haven't had much luck solving the issue short of setting SELinux
to Permissive mode, which I can't do.  Below are the messages that are
being produced in /var/log/audit/audit.log:

type=AVC msg=audit(1480515824.877:248066): avc:  denied  { sendto } for 
pid=3673465 comm="lldpad"
path=002F636F6D2F696E74656C2F6C6C647061642F33353438363635
scontext=system_u:object_r:unlabeled_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1480515824.877:248066): arch=c000003e syscall=44
success=yes exit=32 a0=3 a1=7f2bcd88fbf0 a2=20 a3=0 items=0 ppid=1
pid=3673465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lldpad"
exe="/usr/sbin/lldpad" subj=system_u:system_r:init_t:s0 key=(null)

---

type=AVC msg=audit(1480528424.986:248454): avc:  denied  { write } for 
pid=3673465 comm="lldpad" path=002F636F6D2F696E74656C2F6C6C64706164
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1480528424.986:248454): avc:  denied  { sendto } for 
pid=3673465 comm="lldpad"
path=002F636F6D2F696E74656C2F6C6C647061642F33363336373438
scontext=system_u:object_r:unlabeled_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1480528424.986:248454): arch=c000003e syscall=44
success=yes exit=32 a0=3 a1=7f2bcd88fbf0 a2=20 a3=0 items=0 ppid=1
pid=3673465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lldpad"
exe="/usr/sbin/lldpad" subj=system_u:system_r:init_t:s0 key=(null)

---

type=AVC msg=audit(1480528424.986:248453): avc:  denied  { read } for 
pid=3673465 comm="lldpad" path=002F636F6D2F696E74656C2F6C6C64706164
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1480528424.986:248453): arch=c000003e syscall=47
success=yes exit=40 a0=3 a1=7ffec32d5cd0 a2=0 a3=583f1228 items=0 ppid=1
pid=3673465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lldpad"
exe="/usr/sbin/lldpad" subj=system_u:system_r:init_t:s0 key=(null)

---

type=AVC msg=audit(1480528424.985:248452): avc:  denied  { sendto } for 
pid=3636748 comm="lldptool" path=002F636F6D2F696E74656C2F6C6C64706164
scontext=system_u:system_r:unconfined_service_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1480528424.985:248452): arch=c000003e syscall=42
success=yes exit=0 a0=3 a1=7f21f03d1082 a2=14 a3=0 items=0 ppid=3636747
pid=3636748 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lldptool"
exe="/usr/sbin/lldptool" subj=system_u:system_r:unconfined_service_t:s0
key=(null)

I'm not sure why these are running the same as the executable:

-rwxr-xr-x. root root system_u:object_r:lldpad_exec_t:s0 /usr/sbin/lldpad
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/sbin/lldptool

Any help would be much appreciated.
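Added example (not part of the original post and not lldpad code): the `path=` values in the denials above are unquoted hex, which is how the audit subsystem writes strings containing unprintable bytes; here they start with a NUL byte, meaning abstract-namespace UNIX sockets. The Python sketch below decodes them and groups the denials by source type, target type and class. The sample records are the post's AVC lines re-joined onto single lines, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# AVC records from the post above, each re-joined onto one line (SYSCALL records omitted).
SAMPLE = [
    'type=AVC msg=audit(1480528424.986:248454): avc:  denied  { write } for pid=3673465 comm="lldpad" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_dgram_socket',
    'type=AVC msg=audit(1480528424.986:248454): avc:  denied  { sendto } for pid=3673465 comm="lldpad" path=002F636F6D2F696E74656C2F6C6C647061642F33363336373438 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket',
    'type=AVC msg=audit(1480528424.986:248453): avc:  denied  { read } for pid=3673465 comm="lldpad" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_dgram_socket',
    'type=AVC msg=audit(1480528424.985:248452): avc:  denied  { sendto } for pid=3636748 comm="lldptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_dgram_socket',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_path(value):
    """Quoted values are literal; unquoted ones are hex (audit's encoding for unprintable bytes)."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        text = bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value  # not hex, e.g. "(null)"
    # A leading NUL marks an abstract-namespace socket; show it as "@name" like ss(8) does.
    return '@' + text[1:] if text.startswith('\0') else text

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group('rest')))
    rec['perms'] = m.group('perms').split()
    rec['path'] = decode_path(rec.get('path', ''))
    return rec

def sel_type(context):
    """Third field of an SELinux context, user:role:type:level."""
    return context.split(':')[2]

def summarize(lines):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        key = (sel_type(rec['scontext']), sel_type(rec['tcontext']), rec['tclass'])
        rules[key].update(rec['perms'])
    return {k: sorted(v) for k, v in rules.items()}

if __name__ == '__main__':
    for rec in filter(None, map(parse_avc, SAMPLE)):
        print(rec['comm'], rec['perms'], rec['path'])
    for key, perms in summarize(SAMPLE).items():
        print(key, perms)
```

The trailing number in the second decoded path, 3636748, is the lldptool pid from the last denial, so that socket is the client's reply endpoint.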




