A Red Hat Enterprise Linux SELinux policy for the Authentication Services (a.k.a. QAS or VAS)
Requires:
- Quest Authentication Services 4.1.0.20886 or newer.
Dependencies:
- RHEL 6 & equivalent or higher
- policycoreutils-python (audit2allow)
- policycoreutils (semodule, restorecon)
- selinux-policy-devel
$ git clone https://github.com/quest-oss/vasd-selinux.git
$ cd vasd-selinux
$ ./vasd.sh
To report an issue with the vasd-selinux module, please use Bugzilla to submit a bug report. When creating a bug report, please try to pinpoint the exact problem and provide detailed reproduction steps.
-- When installing the vasd.pp SELinux policy, the following error may occur (RHEL bug# 1141967):
Multiple different specifications for /var/opt/quest/vas/vasd(/.*)?
On some versions of RHEL there is already a security context defined for the /var/opt/quest/vas/vasd directory.
Workaround
- Modify the file vasd.fc and comment out the following line:
    # /var/opt/quest/vas/vasd(/.*)? gen_context(system_u:object_r:vasd_var_auth_t,s0)
- Modify the file vasd.sh and add the semanage line below, after the following section:
    make -f /usr/share/selinux/devel/Makefile || exit
    /usr/sbin/semodule -i vasd.pp     <<<<< Add below this line
    semanage fcontext -m -t vasd_var_auth_t "/var/opt/quest/vas/vasd(/.*)?"
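The vasd.fc half of this workaround can be applied conditionally, only when the loaded policy already defines a context for the path. The script below is an added example, not part of the vasd-selinux repository; the function names, the `.orig` backup and the `example_t` type in the constructed demo input are assumptions, and the listing is expected in the format printed by `semanage fcontext -l`.

```sh
#!/bin/sh
# Added example, not part of vasd-selinux. SPEC is the path from the error above.
SPEC='/var/opt/quest/vas/vasd(/.*)?'

# Succeeds if the listing on stdin (as printed by `semanage fcontext -l`)
# already contains a rule whose path field is exactly $SPEC.
spec_already_defined() {
    awk -v spec="$SPEC" '$1 == spec { found = 1 } END { exit !found }'
}

# Comment out the active $SPEC line in a .fc file. A one-time .orig backup is
# kept, and lines that are already commented are left untouched.
comment_out_spec() {
    fc_file=$1
    [ -e "$fc_file.orig" ] || cp -p "$fc_file" "$fc_file.orig" || return 1
    awk -v spec="$SPEC" '$1 == spec { print "# " $0; next } { print }' \
        "$fc_file" > "$fc_file.tmp" && mv "$fc_file.tmp" "$fc_file"
}

# Edit the .fc file only when the loaded policy already labels the path.
apply_workaround() {
    fc_file=$1
    listing=$2
    if spec_already_defined < "$listing"; then
        comment_out_spec "$fc_file" && echo "commented out $SPEC in $fc_file"
    else
        echo "no existing rule for $SPEC; $fc_file left unchanged"
    fi
}

# Demo on constructed input; example_t is a placeholder type, not a real one.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$SPEC    all files    system_u:object_r:example_t:s0" \
        > "$dir/listing"
    printf '%s\n' "$SPEC gen_context(system_u:object_r:vasd_var_auth_t,s0)" \
        > "$dir/vasd.fc"
    apply_workaround "$dir/vasd.fc" "$dir/listing"
    cat "$dir/vasd.fc"
    rm -rf "$dir"
}
demo
```

On a real host, save the output of `semanage fcontext -l` to a file and pass it as the second argument before running vasd.sh. The semanage line still has to be added to vasd.sh as described above.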
-- After installing the vasd-selinux policy, user home directories that were created before the policy was installed might have an incorrect SELinux security context label.
Workaround
Restore the home directories to their default file contexts by running:
/sbin/restorecon -F -R -v /home
Where /home is the path to the users' home directories that need the correct SELinux context label.
Jayson Hurst jayson.hurst@quest.com