| 1 |
hello, |
| 2 |
|
| 3 |
I have just installed selinux on my gentoo box, and getting difficulties in |
| 4 |
permissive mode. If someone can have a look at this and point me |
| 5 |
somewhere... |
| 6 |
|
| 7 |
Emerge doesn't work If i run it from terminal in X11 - it call traces, |
| 8 |
cant merge anything. In dmesg I can find: |
| 9 |
|
| 10 |
---------------- |
| 11 |
type=1400 audit(1342877962.365:424): avc: denied { read write } for |
| 12 |
pid=15719 comm="sh" name="1" dev="devpts" ino=4 |
| 13 |
scontext=system_u:system_r:portage_fetch_t |
| 14 |
tcontext=system_u:object_r:devpts_t tclass=chr_file |
| 15 |
type=1400 audit(1342877962.367:425): avc: denied { search } for |
| 16 |
pid=15719 comm="sh" name="ivan" dev="dm-3" ino=20709377 |
| 17 |
scontext=system_u:system_r:portage_fetch_t |
| 18 |
tcontext=staff_u:object_r:user_home_dir_t tclass=dir |
| 19 |
type=1400 audit(1342877962.394:426): avc: denied { search } for |
| 20 |
pid=15720 comm="id" name="/" dev="sysfs" ino=1 |
| 21 |
scontext=system_u:system_r:portage_fetch_t |
| 22 |
tcontext=system_u:object_r:sysfs_t tclass=dir |
| 23 |
type=1400 audit(1342878036.496:428): avc: denied { read write } for |
| 24 |
pid=15894 comm="emerge" name="1" dev="devpts" ino=4 |
| 25 |
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t |
| 26 |
tclass=chr_file |
| 27 |
type=1400 audit(1342878036.500:429): avc: denied { ioctl } for pid=15894 |
| 28 |
comm="emerge" path="/dev/pts/1" dev="devpts" ino=4 |
| 29 |
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t |
| 30 |
tclass=chr_file |
| 31 |
type=1400 audit(1342878036.505:430): avc: denied { getattr } for |
| 32 |
pid=15894 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4 |
| 33 |
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t |
| 34 |
tclass=chr_file |
| 35 |
type=1400 audit(1342878083.667:431): avc: denied { read write } for |
| 36 |
pid=16890 comm="sh" name="1" dev="devpts" ino=4 |
| 37 |
scontext=system_u:system_r:portage_fetch_t |
| 38 |
tcontext=system_u:object_r:devpts_t tclass=chr_file |
| 39 |
type=1400 audit(1342878083.671:432): avc: denied { search } for |
| 40 |
pid=16892 comm="id" name="/" dev="sysfs" ino=1 |
| 41 |
scontext=system_u:system_r:portage_fetch_t |
| 42 |
tcontext=system_u:object_r:sysfs_t tclass=dir |
| 43 |
---------------- |
| 44 |
I'm running xdm - gdm3 to be more accurate - and as normal user in terminal |
| 45 |
I switch to root and then do newrole -t sysadm_t - after that I'm trying to |
| 46 |
emerge something. |
| 47 |
Ofcourse from raw console a.k.a. non X env, emerging works. |
| 48 |
|
| 49 |
Additional info: |
| 50 |
---------------- |
| 51 |
# sestatus |
| 52 |
SELinux status: enabled |
| 53 |
SELinuxfs mount: /sys/fs/selinux |
| 54 |
SELinux root directory: /etc/selinux |
| 55 |
Loaded policy name: targeted |
| 56 |
Current mode: permissive |
| 57 |
Mode from config file: permissive |
| 58 |
Policy MLS status: disabled |
| 59 |
Policy deny_unknown status: denied |
| 60 |
Max kernel policy version: 26 |
| 61 |
---------------- |
| 62 |
# id -Z // after switching to root and changing newrole |
| 63 |
system_u:system_r:sysadm_t |
| 64 |
---------------- |
| 65 |
all installed sec-policy packages are from hardened-devel overlay = |
| 66 |
2.20120215-r14 |
| 67 |
---------------- |
| 68 |
I did rlpkg -a -r so many times.. :-) |
| 69 |
|
| 70 |
thanks in advance |
| 71 |
|
| 72 |
Ivan Gooten |
Archives