Selinux label for keepalived notify fifo #2451
-
What should be the selinux label and location for notify fifo? I created a fifo pipe as follows sudo mkfifo /var/run/keepalived.notify_fifo
sudo restorecon -v /var/run/keepalived.notify_fifo selinux audit message:
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
There is no should in respect of the fifo location. In large part it depends on your distro. For example the SELinux policy source files used by Fedora are at: Whenever I get an SELinux policy violation (this is on RedHat based distrubitions) the log always shows the commands to execute in order to add the required entries into the policy to grant the necessary permissions. It appears from the log entries above that this is not the case for you. SELinux policies really are outside the scope of the project in question, and are a matter for the different distros using SELinux, and the maintainers of keepalived on those distros. |
Beta Was this translation helpful? Give feedback.
There is no should in respect of the fifo location. In large part it depends on your distro. For example the SELinux policy source files used by Fedora are at:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/contrib/keepalived.fc
https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/contrib/keepalived.if
https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/contrib/keepalived.te
Whenever I get an SELinux policy violation (this is on RedHat based distrubitions) the log always shows the commands to execute in order to add the required entries into the policy to grant the necessary permissions. It appears from the log…