Dell vasd triggering lots of SELinux errors about /var/opt/quest/vas/vasd/.vasd40_ipc_sock
Issue
- Users managed by VAS cannot use dbus/messagebus (with SELinux enabled)
- Seeing tons of AVC denial errors in audit.log regarding vasd, e.g.:

      [root]# ausearch -i -m avc | egrep -o 'name=\S+' | sort | uniq -c
          154 name=/var/opt/quest/vas/vasd/.vasd40_ipc_sock
           75 name=vasd
           64 name=.vasd40_ipc_sock
      [root]# ausearch -m avc -f /var/opt/quest/vas/vasd/.vasd40_ipc_sock | aureport | grep AVC
      Number of AVC's: 125

- When audit2allow is run against audit.log, it wants to allow many things related to "initrc_t", e.g.:

      [root]# ausearch -m avc -f /var/opt/quest/vas/vasd/.vasd40_ipc_sock | audit2allow

      #============= postfix_cleanup_t ==============
      allow postfix_cleanup_t initrc_t:unix_stream_socket connectto;
      allow postfix_cleanup_t var_auth_t:sock_file write;

      #============= postfix_master_t ==============
      allow postfix_master_t initrc_t:unix_stream_socket connectto;
      allow postfix_master_t var_auth_t:sock_file write;

      #============= postfix_pickup_t ==============
      allow postfix_pickup_t initrc_t:unix_stream_socket connectto;
      allow postfix_pickup_t var_auth_t:sock_file write;

      #============= postfix_showq_t ==============
      allow postfix_showq_t initrc_t:unix_stream_socket connectto;
      allow postfix_showq_t var_auth_t:sock_file write;

      #============= postfix_smtp_t ==============
      allow postfix_smtp_t initrc_t:unix_stream_socket connectto;
      allow postfix_smtp_t var_auth_t:sock_file write;

      #============= sshd_t ==============
      allow sshd_t initrc_t:unix_stream_socket connectto;

      #============= system_dbusd_t ==============
      allow system_dbusd_t initrc_t:unix_stream_socket connectto;
      allow system_dbusd_t var_auth_t:sock_file write;

      #============= systemd_logind_t ==============
      allow systemd_logind_t initrc_t:unix_stream_socket connectto;
      allow systemd_logind_t var_auth_t:sock_file write;
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Dell Authentication Services (a.k.a QAS or VAS)
