
Starting tinyfecvpn with systemctl from a hand-written service file is denied by SELinux #89

Open
sslyd opened this issue Nov 21, 2019 · 0 comments
sslyd commented Nov 21, 2019

I want to manage the service with systemd, so I wrote a service file myself. Running the start command directly launches tinyfecvpn, but once I put it into the service file and start it with systemctl it is denied by SELinux. I also tried setcap cap_net_admin+ep ./tinyvpn_amd64, but that did not help. Is turning off SELinux the only option?

The tinyfecvpn.service file:

[Unit]
Description=tinyfecvpn
After=network-online.target

[Service]
Type=simple
User=root
Group=root
ExecStart=/tinyvpn_amd64 -s -l0.0.0.0:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0

[Install]
WantedBy=multi-user.target

Error log:

Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]argc=8 /tinyvpn_amd64 -s -l0.0.0.0:4096 -f20:10 -k passwd --sub-net 10.22.22.0
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]parsing address: 0.0.0.0:4096
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]its an ipv4 adress
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]ip_address is {0.0.0.0}, port is {4096}
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]sub_net 10.22.22.0
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]jitter_min=0 jitter_max=0 output_interval_min=0 output_interval_max=0 fec_timeout=8 fec_mtu=1250 fec_queue_len=200 fec_mode=0
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]fec_str=20:10
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]fec_inner_parameter=1:10,2:10,3:10,4:10,5:10,6:10,7:10,8:10,9:10,10:10,11:10,12:10,13:10,14:10,15:10,16:10,17:10,18:10,19:10,20:10
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][INFO]using interface tun534
Nov 21 07:05:15 centos8 tinyvpn_amd64[15856]: [2019-11-21 07:05:15][FATAL]open /dev/net/tun failed

Audit log:

type=AVC msg=audit(1574339380.860:351): avc:  denied  { ioctl } for  pid=16014 comm="tinyvpn_amd64" path="/dev/net/tun" dev="devtmpfs" ino=21999 ioctlcmd=0x54ca scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file permissive=1

type=AVC msg=audit(1574339380.860:351): avc:  denied  { create } for  pid=16014 comm="tinyvpn_amd64" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=tun_socket permissive=1

type=SYSCALL msg=audit(1574339380.860:351): arch=x86_64 syscall=ioctl success=yes exit=0 a0=5 a1=400454ca a2=7ffdab44fa50 a3=7f44491bf580 items=0 ppid=1 pid=16014 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=tinyvpn_amd64 exe=/tinyvpn_amd64 subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=ioctl AUID=unset UID=root GID=root EUID=root SUID=root FSUID=root EGID=root SGID=root FSGID=root
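The AVC records show the service running in systemd's own domain (scontext type init_t) instead of a transitioned service domain, which is why the tun ioctl is refused even as root; the usual cause is that a binary placed directly under / does not carry an executable file type the policy transitions from. The POSIX sh snippet below is an added example, not code from the tinyfecvpn project or the reporter: it parses the ioctl denial quoted above and prints the relabel commands; the bin_t target label and the path /tinyvpn_amd64 come from the issue, while the default_t label on the binary is an assumption, not something the page shows.

```shell
#!/bin/sh
# Added example (not tinyfecvpn code): read one AVC record, work out why the
# service was denied, and print the relabel commands that fix it.
# The record below is the ioctl denial copied from the issue (constructed input).
AVC_LINE='type=AVC msg=audit(1574339380.860:351): avc:  denied  { ioctl } for  pid=16014 comm="tinyvpn_amd64" path="/dev/net/tun" dev="devtmpfs" ino=21999 ioctlcmd=0x54ca scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file permissive=1'
EXE=/tinyvpn_amd64   # from ExecStart= in the unit and exe= in the SYSCALL record

# avc_field RECORD KEY -> value of KEY=... with surrounding quotes removed
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 \
        | sed 's/^"//; s/"$//'
}

# avc_perm RECORD -> the permission list inside "{ ... }"
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# ctx_type CONTEXT -> the type field of user:role:type:level
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# diagnose_avc RECORD -> no-transition | confined-denial | unknown
# A source type of init_t means systemd exec'd the binary but no domain
# transition happened: the file is not labeled with an executable type the
# policy knows (assumption: a file under / such as /tinyvpn_amd64 is default_t).
diagnose_avc() {
    case "$(ctx_type "$(avc_field "$1" scontext)")" in
        init_t) echo no-transition ;;
        "")     echo unknown ;;
        *)      echo confined-denial ;;
    esac
}

# remediation_for EXE -> commands that give EXE the bin_t label so systemd
# transitions it into unconfined_service_t instead of keeping it in init_t.
# Moving the binary to /usr/local/bin (already bin_t) achieves the same without
# a custom fcontext rule.
remediation_for() {
    printf "semanage fcontext -a -t bin_t '%s'\nrestorecon -v '%s'\n" "$1" "$1"
}

# Stand-alone run: report what was denied and, for this case, how to fix it.
echo "denied $(avc_perm "$AVC_LINE") on $(avc_field "$AVC_LINE" path) by $EXE: $(diagnose_avc "$AVC_LINE")"
if [ "$(diagnose_avc "$AVC_LINE")" = no-transition ]; then
    remediation_for "$EXE"
fi
```

A denial whose scontext is already a confined service type would instead call for a reviewed policy module rather than a relabel; relabeling to bin_t is the least-effort fix, not a confinement of the daemon.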