All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is anyone using telephone's LooingGlass with SELinux?
Telephone's LookingGlass works well on all my CentOS 6.x VPS, but ping and mtr doesn't work on my CentOS 7 VPS (I tried two VPS).
Aware of RHEL7 is SELinux enabled, I tried turning it to permissive setenforce 0
, then ping and mtr works. Apparently SELinux denied this operation.
But I don't want to abandon all SELinux functions. Which SELinux switches should I turn on using setsebool
command?
The audit.log says:
type=AVC msg=audit(1414071652.098:13859): avc: denied { create } for pid=12410 comm="ping" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414071652.098:13859): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=3 a2=1 a3=7fff739ed1b0 items=0 ppid=12040 pid=12410 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="ping" exe="/usr/bin/ping" subj=system_u:system_r:httpd_t:s0 key=(null)
I also noticed ping and mtr are with capabilities while host and traceroute are not. But they still cannot be used after capabilities are removed.