Fedora Linux Support Community & Resources Center
  #1  
Old 12th December 2005, 11:41 PM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Question SElinux preventing simple output redirection from writing to file

FC4, running ping in a KDE console window. Of course, I'm a newbie.

I'm trying to redirect the output of ping to a file. I get a 0 byte file as a result.

I tried all the examples under REDIRECTION under 'man sh'. The examples work for the programs in the examples, but trying the same redirection operators with ping fails. Perhaps ping does not use stdout or stderror?

I'm curious if this is caused by something I should be doing differently?

Last edited by funchords; 16th December 2005 at 11:06 PM. Reason: Changed title from "BASH: How to redirect ping output to file?"
Reply With Quote
  #2  
Old 12th December 2005, 11:53 PM
blue13130 Offline
Registered User
 
Join Date: May 2005
Location: London, ON, Canada
Age: 34
Posts: 312
Try this:

$ ping -c 10 www.yahoo.ca > pingoutput

(change the -c 10 to the number of pings you want to send out)
then to read it type:

$ more pingoutput
Reply With Quote
  #3  
Old 13th December 2005, 05:23 PM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Quote:
Originally Posted by blue13130
Try this:

$ ping -c 10 www.yahoo.ca > pingoutput

(change the -c 10 to the number of pings you want to send out)
then to read it type:

$ more pingoutput
Thanks, Blue. This is what I get:
[robb@topol003 ~]$ ping -c 10 www.yahoo.ca > pingoutput
[robb@topol003 ~]$ more pingoutput
[robb@topol003 ~]$ ls -al pingoutput
-rw-rw-r-- 1 robb robb 0 Dec 13 08:17 pingoutput
[robb@topol003 ~]$


Do you get a different result?
Reply With Quote
  #4  
Old 13th December 2005, 10:20 PM
IronWolf Offline
Registered User
 
Join Date: Dec 2005
Posts: 198
The 'more pingoutput' should have shown you the ten replies from the ping in the first command. What if you just type:

ping -c 10 www.yahoo.ca

Do you get replies back to those pings?
Reply With Quote
  #5  
Old 14th December 2005, 06:04 AM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Quote:
Originally Posted by IronWolf
The 'more pingoutput' should have shown you the ten replies from the ping in the first command.
Yes, I thought so, too.

Quote:
Originally Posted by IronWolf
What if you just type:

ping -c 10 www.yahoo.ca

Do you get replies back to those pings?
[robb@topol003 ~]$ ping -c 4 www.yahoo.ca
PING rc.yahoo.akadns.net (216.109.112.135) 56(84) bytes of data.
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=0 ttl=44 time=119 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=1 ttl=44 time=109 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=2 ttl=44 time=132 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=3 ttl=44 time=140 ms

--- rc.yahoo.akadns.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3014ms
rtt min/avg/max/mdev = 109.273/125.172/140.063/11.872 ms, pipe 2
[robb@topol003 ~]$ ping -c 4 www.yahoo.ca > pingoutput
[robb@topol003 ~]$ more pingoutput
[robb@topol003 ~]$ echo this is a test > pingoutput
[robb@topol003 ~]$ more pingoutput
this is a test
[robb@topol003 ~]$
Reply With Quote
  #6  
Old 14th December 2005, 07:33 AM
peters Offline
Registered User
 
Join Date: May 2005
Posts: 165
I think something is horribly wrong...

[peters@peters home ~]$ ping -c1 www.yahoo.com > deleteme
[peters@peters home ~]$ cat deleteme
PING www.yahoo.akadns.net (66.94.230.36) 56(84) bytes of data.
64 bytes from p5.www.scd.yahoo.com (66.94.230.36): icmp_seq=0 ttl=57 time=58.9 ms

--- www.yahoo.akadns.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 58.925/58.925/58.925/0.000 ms, pipe 2
[peters@peters home ~]$


Somehow this is not happening for you??

Try this: rpm -Vf `which ping`
I'm curious to see if your ping command is broken.. Have you tried different terminals? Try running xterm and try the same commands.

P
Reply With Quote
  #7  
Old 14th December 2005, 04:45 PM
blue13130 Offline
Registered User
 
Join Date: May 2005
Location: London, ON, Canada
Age: 34
Posts: 312
Quote:
Do you get a different result?
Yes
Code:
[sanjay@SJPFC4 ~]$ ping -c4 www.yahoo.ca > pingoutput
[sanjay@SJPFC4 ~]$ ll pingoutput
-rw-rw-r--  1 sanjay sanjay 586 Dec 14 10:42 pingoutput
[sanjay@SJPFC4 ~]$ more pingoutput
PING rc.yahoo.akadns.net (216.109.112.135) 56(84) bytes of data.
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=0 ttl=52 time=37.9 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=1 ttl=51 time=36.5 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=2 ttl=51 time=36.5 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=3 ttl=52 time=37.8 ms

--- rc.yahoo.akadns.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3009ms
rtt min/avg/max/mdev = 36.527/37.241/37.993/0.711 ms, pipe 2
[sanjay@SJPFC4 ~]$
I am not sure why it isn't working for you!
Reply With Quote
  #8  
Old 14th December 2005, 11:38 PM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Quote:
Originally Posted by peters
Try this: rpm -Vf `which ping`
Thanks peters!

Code:
[root@topol003 ~]# rpm -Vf `which ping`
[root@topol003 ~]#
Reply With Quote
  #9  
Old 14th December 2005, 11:50 PM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Quote:
Originally Posted by peters
I'm curious to see if your ping command is broken.. Have you tried different terminals? Try running xterm and try the same commands.
I get exactly the same behavior as with the terminal program. I couldn't figure out how to copy and paste the output, but it is exactly the same.

Thanks for the suggestions! Please keep the ideas coming. It's not holding up any work, but I'm curious to learn both why this is happening and how to troubleshoot things like this.
__________________
Robb Topolski
www.funchords.com
Networks/Wi-Fi: Expert, Windows/DOS: Expert, Linux: Shell User, some config skills
Reply With Quote
  #10  
Old 15th December 2005, 12:08 AM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Here is a lead. This is from /var/log/audit/audit.log ...

I'm not sure if this means that it is a permissions issue, but this happens when I'm logged in as root as well as when I'm logged into a user account
Code:
type=AVC msg=audit(1134599953.748:32): avc:  denied  { write } for  pid=5503 comm="ping" name="pingoutput2" dev=dm-0 ino=916895 scontext=root:system_r:ping_t tcontext=root:object_r:user_home_t tclass=file
type=SYSCALL msg=audit(1134599953.748:32): arch=40000003 syscall=11 success=yes exit=0 a0=8d64360 a1=8d56400 a2=8d51520 a3=1 items=2 pid=5503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=AVC_PATH msg=audit(1134599953.748:32):  path="/root/pingoutput2"
type=CWD msg=audit(1134599953.748:32):  cwd="/root"
type=PATH msg=audit(1134599953.748:32): item=0 name="/bin/ping" flags=101  inode=5499653 dev=fd:00 mode=0104755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1134599953.748:32): item=1 flags=101  inode=5892482 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
Reply With Quote
  #11  
Old 15th December 2005, 12:28 AM
peters Offline
Registered User
 
Join Date: May 2005
Posts: 165
Oh wow.. SELinux is disabling the file write ... Well, that shouldn't be happening, especially since you are root. Can you describe to us exactly how you are logging in to root? Are you using 'su' or are you logging into X windows as root, etc?
Reply With Quote
  #12  
Old 15th December 2005, 12:57 AM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Okay, here's more

The output of audit2why < audit.log
Code:
.
.
.
type=AVC msg=audit(1134599953.748:32): avc:  denied  { write } for  pid=5503 comm="ping" name="pingoutput2" dev=dm-0 ino=916895 scontext=root:system_r:ping_t tcontext=root:object_r:user_home_t tclass=file
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check boolean settings.
                You can see the necessary allow rules by running audit2allow with this audit message as input.
I saved that line into a file called auditline

Code:
[root@topol003 audit]# audit2allow -i auditline
allow ping_t user_home_t:file write;
Now "man audit2allow" gives this example set of commands:
Code:
       $ cd /etc/selinux/$(SELINUXTYPE)/src/policy
       $ /usr/bin/audit2allow -i < /var/log/audit/audit.log >> domains/misc/local.te
       <review domains/misc/local.te and customize as desired>
       $ make load
But I'm having trouble finding the path shown in the first line. The instructions are too ambiguous for my comfort level.

Suggestions?
__________________
Robb Topolski
www.funchords.com
Networks/Wi-Fi: Expert, Windows/DOS: Expert, Linux: Shell User, some config skills
Reply With Quote
  #13  
Old 15th December 2005, 01:00 AM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Quote:
Originally Posted by peters
Oh wow.. SELinux is disabling the file write ... Well, that shouldn't be happening, especially since you are root. Can you describe to us exactly how you are logging in to root? Are you using 'su' or are you logging into X windows as root, etc?
I have tried it both ways with the same result.

Then I go to Terminal Program - Super User Mode (kdesu konsole) via the menus.
__________________
Robb Topolski
www.funchords.com
Networks/Wi-Fi: Expert, Windows/DOS: Expert, Linux: Shell User, some config skills
Reply With Quote
  #14  
Old 16th December 2005, 11:01 PM
funchords Offline
Registered User
 
Join Date: Jul 2004
Location: Hillsboro, Oregon USA
Posts: 91
Update....

Still need some help with this. The commands recommended by the man page (quoted above) do not agree with my directories. For example, I have no subdirectory named domains.

Meanwhile, I have set SELinux to permissive using 'setenforce permissive' and changing the /etc/selinux/config file to also read permissive.

My ping redirection test works fine.

SO, this has become an SELinux configuration question. Can anyone help me with that?
__________________
Robb Topolski
www.funchords.com
Networks/Wi-Fi: Expert, Windows/DOS: Expert, Linux: Shell User, some config skills
Reply With Quote
  #15  
Old 17th December 2005, 02:43 AM
IronWolf Offline
Registered User
 
Join Date: Dec 2005
Posts: 198
Quote:
Originally Posted by funchords
SO, this has become an SELinux configuration question. Can anyone help me with that?
I am still working on my SELinux knowledge, but you might want to edit the thread title or start a new thread to catch the attention of the SELinux knowledgeable folks who might be able to throw some insight on the issue.
Reply With Quote
Reply

Tags
bash, file, output, ping, redirect

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Ambiguous output redirect eichar Using Fedora 8 10th April 2009 03:10 PM
Redirect backup output to network printer workaholicbe Using Fedora 1 18th March 2009 12:45 PM
Bash script - File search output to new file ampapa Using Fedora 12 19th October 2006 02:49 AM
How do you put a running command in the background AND redirect its output? MarkE Using Fedora 5 1st June 2006 04:12 AM
How to redirect output to a file? mus1402 Servers & Networking 1 5th February 2006 06:11 AM


Current GMT-time: 08:44 (Sunday, 23-11-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Prudentopolis Instagram Photos - Tanjung Pandan - Phuntsholing Instagram Photos