Shell script execution
Stefan Paetow
Stefan.Paetow at jisc.ac.uk
Thu Apr 16 16:45:07 CEST 2015
Hi!
> To explain why I can't use the 3.x is that we're using package that
> receives the Freeradius call and do a REST API call to a distant server,
> and this package is only available for Freeradius 2.x at the moment... :(
Ahh I see.
> I've got good news:
> I try to disable SELinux and it works!!!
Ok, then it's definitely a SELinux call.
> #============= radiusd_t ==============
> allow radiusd_t user_tmp_t:file execute;
This you now turn into a SELinux policy:
Run: audit2allow -a -M radiusd_shellexecute
Then run: semodule -i radiusd_shellexecute.pp
This should install the new policy into SELinux and give radiusd the rights to execute a shell and run your script.
I would, for safety sake, run 'cat radiusd_shellexecute.te' before the 'semodule -i' call to see what the policy is that audit2allow generated.
If unsure, paste the contents of the radiusd_shellexecute.te file here... we'll have a look.
;-)
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150416/aa826647/attachment.sig>
More information about the Freeradius-Users
mailing list