From: Lev Stipakov
Subject: Audisp plugin and SELinux
Date: Wed, 24 Feb 2016 16:40:13 +0200
To: linux-audit@redhat.com

Hello,

My audisp plugin has a file-based database in /var/lib/xxx directory. I noticed that on systems with SELinux enabled plugin cannot read/write that file.

According to ps, plugin is run under audisp_t domain:

-bash-4.1$ ps axZ | grep plugin
unconfined_u:system_r:audisp_t:s0 1845 ? S< 0:00 /usr/sbin/plugin 1

Obviously I don't want to disable SELinux. What would be the recommended way to allow plugin read/write file(s) under /var/run/xxx ?

-Lev