1. 에러 메시지:
kernel: type=1400 audit(1404149145.749:40): avc: denied { write } for pid=438 comm="ifconfig" path="/tmp/edscan.lck" dev=xvda3 ino=390926 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
2. 원인:
- SELinux 설정값이 enforcing 으로 되어 있을 때 발생하는 메시지
3. 조치 방안:
- setenforce 명령 실행
# setenforce 0 // SELinux 데몬 끄기(setenforce 1 은 켜기)
- 위 명령이 정상 수행되지 않을 경우, /etc/sysconfig/selinux 파일의 SELINUX 항목 값을 확인한 후, disabled 로 변경하고 OS reboot
[root@ktdsoss01 ~]# vi /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted |
4. 참조 URL:
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details
http://www.linuxtopia.org/online_books/rhel5/rhel5_administration/rhel5_ch-selinux.html
http://www.oss.kr/?mid=oss_repository9&document_srl=7701&sort_index=readed_count&order_type=desc