| 1 |
On Tue, 2003-11-25 at 01:02, Tad wrote: |
| 2 |
> There are no denial messages. From the root:portage_r:portage_t read and |
| 3 |
|
| 4 |
> I can see nothing wrong so this is really perplexing. |
| 5 |
> What is especially odd is the lack of denial messages. |
| 6 |
|
| 7 |
Well this was a sneaky bug. Only people that change to portage_r would |
| 8 |
see this. The problem was that portage_t could transition to |
| 9 |
setfiles_t, but portage_r could not have the setfiles_t type. If you |
| 10 |
use the sysadm_t auto-transition, which most people seem to do, the role |
| 11 |
stays as sysadm_r, which was allowed setfiles_t, and thus wouldn't run |
| 12 |
into this problem. Please try adding on this patch, it should fix it. |
| 13 |
|
| 14 |
cd /etc/security/selinux/src/policy |
| 15 |
patch -p1 < /path/to/selinux-base-policy-20031010-r1-portage_r-types.diff |
| 16 |
|
| 17 |
-- |
| 18 |
Chris PeBenito |
| 19 |
<pebenito@g.o> |
| 20 |
Developer, |
| 21 |
Hardened Gentoo Linux |
| 22 |
Embedded Gentoo Linux |
| 23 |
|
| 24 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 25 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives