Hello,

I have just installed SELinux on my Gentoo box, and I'm having difficulties in
permissive mode. If someone can have a look at this and point me
somewhere...

Emerge doesn't work if I run it from a terminal in X11 - it gives call traces and
can't merge anything. In dmesg I can find:

----------------
type=1400 audit(1342877962.365:424): avc: denied { read write } for
pid=15719 comm="sh" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:devpts_t tclass=chr_file
type=1400 audit(1342877962.367:425): avc: denied { search } for
pid=15719 comm="sh" name="ivan" dev="dm-3" ino=20709377
scontext=system_u:system_r:portage_fetch_t
tcontext=staff_u:object_r:user_home_dir_t tclass=dir
type=1400 audit(1342877962.394:426): avc: denied { search } for
pid=15720 comm="id" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:sysfs_t tclass=dir
type=1400 audit(1342878036.496:428): avc: denied { read write } for
pid=15894 comm="emerge" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878036.500:429): avc: denied { ioctl } for pid=15894
comm="emerge" path="/dev/pts/1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878036.505:430): avc: denied { getattr } for
pid=15894 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878083.667:431): avc: denied { read write } for
pid=16890 comm="sh" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:devpts_t tclass=chr_file
type=1400 audit(1342878083.671:432): avc: denied { search } for
pid=16892 comm="id" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:sysfs_t tclass=dir
----------------
I'm running xdm - gdm3 to be more accurate - and as a normal user in a terminal
I switch to root and then do newrole -t sysadm_t - after that I'm trying to
emerge something.
Of course from the raw console, a.k.a. non-X env, emerging works.

Additional info:
----------------
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: disabled
Policy deny_unknown status: denied
Max kernel policy version: 26
----------------
# id -Z // after switching to root and changing newrole
system_u:system_r:sysadm_t
----------------
all installed sec-policy packages are from hardened-devel overlay =
2.20120215-r14
----------------
I did rlpkg -a -r so many times.. :-)

Thanks in advance,

Ivan Gooten
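
An added example, not part of the original post: a small Python parser that rejoins mail-wrapped AVC records like the ones quoted above and collapses them into one entry per (source type, target type, class) with the set of denied permissions. The names `unwrap` and `summarize` are hypothetical, and it assumes every record starts with `type=` as in the post.

```python
import re
from collections import defaultdict

# Three of the records from the post, wrapped the way the mail wrapped them.
SAMPLE = """\
type=1400 audit(1342877962.365:424): avc: denied { read write } for
pid=15719 comm="sh" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:devpts_t tclass=chr_file
type=1400 audit(1342878036.496:428): avc: denied { read write } for
pid=15894 comm="emerge" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878036.500:429): avc: denied { ioctl } for pid=15894
comm="emerge" path="/dev/pts/1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
"""

AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin wrapped records: a new record starts at each 'type='."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Map (source type, target type, class) -> sorted denied permissions."""
    seen = defaultdict(set)
    for record in unwrap(text):
        m = AVC.search(record)
        f = dict(FIELD.findall(m.group(2))) if m else {}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # not an AVC denial, or a truncated one
        # A context is user:role:type[:range]; the type is field 3.
        src, tgt = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
        seen[src, tgt, f["tclass"]].update(m.group(1).split())
    return {k: sorted(v) for k, v in seen.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```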