
perfsonar-user - Re: [perfsonar-user] TracerouteSender 403 Forbidden Error

Subject: perfSONAR User Q&A and Other Discussion

  • From: Mark Tinberg <>
  • To: "Uhl, George D. (GSFC-423.0)[ARTS]" <>
  • Cc: Andrew Lake <>, "" <>
  • Subject: Re: [perfsonar-user] TracerouteSender 403 Forbidden Error
  • Date: Tue, 29 Apr 2014 15:53:58 -0500


On Apr 29, 2014, at 2:48 PM, Uhl, George D. (GSFC-423.0)[ARTS]
<>
wrote:

> Could this have something to do with selinux being enabled on the host? I
> did a tcpdump on this host and never saw any traffic sent to the MA server
> on port 8086.

tcpdump would see the traffic before any packet filtering or selinux policy
could affect it, so if you aren’t seeing it inbound then it’s not getting to
the machine at all and you can conclude the problem is not on the local
machine.

> BTW, I'm prohibited from disabling selinux on this particular host.

As a point of reference, SELinux logs to the audit subsystem, and if auditd is
running those logs should end up in /var/log/audit/audit.log, which should be
root-only readable. There are a lot of things which are audited by default;
look for AVC messages, they should tell you all the information about what
was denied, if anything. For example, here is what happens when apache tries
to access a user's home directory when httpd_enable_homedirs has not been
enabled by setsebool.

# grep AVC /var/log/audit/audit.log
type=AVC msg=audit(1398804336.495:232531): avc: denied { search } for
pid=9160 comm="httpd" name="test" dev=dm-0 ino=663252
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1398804336.498:232532): avc: denied { getattr } for
pid=9160 comm="httpd" path="/home/test" dev=dm-0 ino=663252
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir



Mark Tinberg, System Administrator
Division of Information Technology - Network Services
University of Wisconsin - Madison
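
Added example, not part of the original message: a small parser for the AVC records described above, which groups denials by process, source type, target type, class and permission. The sample input is constructed from the two denials quoted in the message (joined back onto single lines) plus one constructed non-AVC record; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two quoted denials, one record per line as auditd
# writes them, followed by a constructed SYSCALL record that must be skipped.
SAMPLE = '''\
type=AVC msg=audit(1398804336.495:232531): avc: denied { search } for pid=9160 comm="httpd" name="test" dev=dm-0 ino=663252 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1398804336.498:232532): avc: denied { getattr } for pid=9160 comm="httpd" path="/home/test" dev=dm-0 ino=663252 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1398804336.498:232532): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
'''

# \s+ is used between tokens because real audit.log lines often carry
# double spaces ("avc:  denied  { search } for  pid=...").
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit record."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated or malformed record
    rec.update(timestamp=float(m.group('ts')), serial=int(m.group('serial')),
               result=m.group('result'), perms=m.group('perms').split())
    # Contexts are user:role:type[:level]; the type is what policy rules match on.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def summarize_denials(text):
    """Count denials per (comm, source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        if rec['result'] == 'denied':
            for perm in rec['perms']:
                counts[(rec.get('comm'), rec['source_type'],
                        rec['target_type'], rec['tclass'], perm)] += 1
    return counts


if __name__ == '__main__':
    for key, n in sorted(summarize_denials(SAMPLE).items()):
        print(n, *key)
```

An empty summary for the process in question means SELinux logged no denial for it, which matches the point above about reading the AVC messages before suspecting policy.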




