1 |
On Tue, 2003-11-25 at 01:02, Tad wrote: |
2 |
> There are no denial messages. From the root:portage_r:portage_t read and |
3 |
|
4 |
> I can see nothing wrong so this is really perplexing. |
5 |
> What is especially odd is the lack of denial messages. |
6 |
|
7 |
Well this was a sneaky bug. Only people that change to portage_r would |
8 |
see this. The problem was that portage_t could transition to |
9 |
setfiles_t, but portage_r could not have the setfiles_t type. If you |
10 |
use the sysadm_t auto-transition, which most people seem to do, the role |
11 |
stays as sysadm_r, which was allowed setfiles_t, and thus wouldn't run |
12 |
into this problem. Please try adding on this patch, it should fix it. |
13 |
|
14 |
cd /etc/security/selinux/src/policy |
15 |
patch -p1 < /path/to/selinux-base-policy-20031010-r1-portage_r-types.diff |
16 |
|
17 |
-- |
18 |
Chris PeBenito |
19 |
<pebenito@g.o> |
20 |
Developer, |
21 |
Hardened Gentoo Linux |
22 |
Embedded Gentoo Linux |
23 |
|
24 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
25 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |