Hi listmembers,

I've needed a little longer as suggested, I am sorry for that.

Markus Dittrich wrote:

>On Fri, 24 Sep 2004 23:44:15 +0200, Victor Banatean <pie_oh_pah@×××.net> wrote:
>
>>Nevertheless I found a solution, but I do not prefer it, so I'll
>>try it again tomorrow. If anyone has a good idea or hint, please tell it.
>>
>
>Try running "strace Eterm" as your user. If you're lucky that'll show
>you what device/file Eterm needs to open, but doesn't have permission
>to.
>
I'd tried it and the result is that Eterm needs permission on /dev/pty*.

So I'd done the following:

1. chmod 666 /dev/pty* => not sufficient

2. ls -Z /dev => "Segmentation fault"
   How could I determine the context?

3. cd /etc/security/selinux/src/policy
   make clean
   make load
   make relabel
   => no success

4. I looked, if my init could load the policy:
   # ldd /sbin/init
   linux-gate.so.1 => (0xffffe000)
   libselinux.so.1 => /lib/libselinux.so.1 (0x40025000)
   libc.so.6 => /lib/libc.so.6 (0x40035000)
   /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

   => seems OK

5. Next I checked the following contexts, whilst running "sestatus -v":

   SELinux status:         enabled
   SELinuxfs mount:        /selinux
   Current mode:           permissive
   Policy version:         17

   Policy booleans:
   user_ping               inactive

   Process contexts:
   Current context:        root:staff_r:staff_t
   Init context:           system_u:system_r:init_t

   File contexts:
   Controlling term:       unknown (Operation not supported)
   /etc/passwd             system_u:object_r:etc_t
   /etc/shadow             system_u:object_r:shadow_t
   /bin/bash               system_u:object_r:shell_exec_t
   /bin/login              system_u:object_r:login_exec_t
   /bin/sh                 system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
   /sbin/agetty            system_u:object_r:getty_exec_t
   /sbin/init              system_u:object_r:init_exec_t
   /usr/sbin/sshd          system_u:object_r:sshd_exec_t
   /usr/X11R6/bin/xdm      system_u:object_r:bin_t
   /lib/libc.so.6          system_u:object_r:lib_t -> system_u:object_r:shlib_t
   /lib/ld-linux.so.2      system_u:object_r:lib_t -> system_u:object_r:ld_so_t

   Seems OK!
   However I didn't have the next one mentioned at
   "http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml?part=5&chap=2#doc_chap1":

   /sbin/unix_chkpwd       system_u:object_r:chkpwd_exec_t

   Nevertheless I did not relabel the files /etc/passwd and /etc/shadow, as
   they are fine.

6. ACCEPT_KEYWORDS="~x86" emerge --pretend --verbose udev
   => no success

7. After login, no matter what user, I every time get the message:
   "Warning! Could not get current context for /dev/vc1, /dev/vcs1,
   /dev/vcsa1, not relabeling."
   Do I have to solve this to solve my other problem? What are the
   dependencies then?

I think it has something to do with the wrong, not sufficient, context;
moreover I don't have any other ideas at the moment.

Any help/hint would be great!

Yours,
Victor

--
gentoo-hardened@g.o mailing list