From: | nixnut <nixnut@×××××.nl> |
---|---|
To: | gentoo-hardened@l.g.o |
Subject: | Re: [gentoo-hardened] selinux + pty problem |
Date: | Sat, 10 Apr 2004 18:48:11 |
Message-Id: | 1081622881018725@lycos-europe.com |
1 | G'day all, |
2 | |
3 | > Why not just use |
4 | udev? It can make |
5 | all (or atleast |
6 | most) of your |
7 | devices |
8 | > without the use of |
9 | devfs, and is |
10 | selinux-compatable. |
11 | Gentoo even supports |
12 | > it in the init |
13 | scripts and has this |
14 | doc for it: |
15 | > |
16 | http://www.gentoo.org/doc/en/udev-guide.xml |
17 | |
18 | Ok, did that. Now I |
19 | get an awful lot of |
20 | messages like: |
21 | avc: denied { search |
22 | } for pid=1 |
23 | exe=/sbin/init dev= |
24 | ino=2873 |
25 | scontext=sytem |
26 | _u:system_r:init_t |
27 | tcontext=system_u:object_r:unlabeled_t |
28 | tclass=dir |
29 | What all the |
30 | messages have in |
31 | common is the |
32 | "unlabeled_t" part. |
33 | |
34 | And when logging |
35 | into a vc: |
36 | Warning! Could not |
37 | get current context |
38 | for /dev/vc/2, not |
39 | relabeling. |
40 | Warning! Could not |
41 | get current context |
42 | for /dev/vcs2, not |
43 | relabeling. |
44 | Warning! Could not |
45 | get current context |
46 | for /dev/vcsa2, not |
47 | relabeling. |
48 | |
49 | And "ls -l --context |
50 | /dev" shows that |
51 | indeed the devices |
52 | have no context. |
53 | My guess is that |
54 | this is the cause of |
55 | the problems. Is |
56 | that correct? If so, |
57 | how |
58 | do I fix that. If |
59 | not, what is really |
60 | going on? |
61 | Any help is greatly |
62 | appreciated. |
63 | |
64 | regards, |
65 | nixnut |
66 | |
67 | www.lycosmail.nl - Gratis 15 MB mailbox - Nu ook hotmail via Lycos Mail! |