Mandos server crash
Teddy Hogeborn
teddy at recompile.se
Mon Jul 28 15:29:08 CEST 2014
Erik Logtenberg <erik at logtenberg.eu> writes:
> I am trying to run Mandos on Fedora 20. Everything compiles and installs
> just fine, however running the server causes this crash:
>
[...]
>
> It takes a little while for this error to show up, in the mean time I
> see that mandos is running and avahi-daemon is also started. I can't
> connect to mandos server with mandos-monitor though, and after half a
> minute or so it crashes with error message above.
>
> I think this is SELinux related, since putting SELinux in permissive
> mode seems to fix it. I do see mandos/dbus-related denials in audit.log:
>
> type=USER_AVC msg=audit(1406547066.559:479): pid=241 uid=81
> auid=4294967295 ses=4294967295
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied
> { send_msg } for msgtype=method_return dest=:1.38 spid=1152 tpid=9654
> scontext=system_u:system_r:avahi_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus
> exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
You could try running with --no-dbus and --no-zeroconf (and --port). If
this works, there is definitely something up with using D-Bus. Note:
these options will preclude the use of mandos-monitor, and Mandos
clients will need the --connect option to find the server.
> Is there an SELinux policy for Mandos?
No, sorry.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20140728/e25b1998/attachment.sig>
More information about the Mandos-Dev
mailing list