According to the thread, I did the followings, now, when running " dmesg" the avc lines deducted to 200 lines from more than 700 lines initially, a little progress :)<br>Here is what I did.<br><br>(1)#cp -a /dev /mnt/usb
<br>(2)cd /mnt/usb/ <br> #setfilecon system_u:object_r:console_device_t console<br> #setfilecon system_u:object_r:security_t selinux<br>(3)boot from 2005.1 selinux livecd, copy /mnt/usb/dev back<br>(4)reboot<br><br>
<br><div><span class="gmail_quote">On 9/13/07, <b class="gmail_sendername">guo walter</b> <<a href="mailto:walter.d.guo.newsgroup@...">walter.d.guo.newsgroup@...</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Or just a specific directory ( dont know whhic directory ) instead of <div><span class="e" id="q_114fc8c4f27649b7_1"><br><br><div><span class="gmail_quote">On 9/13/07, <b class="gmail_sendername">guo walter</b> <<a href="mailto:walter.d.guo.newsgroup@..." target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
walter.d.guo.newsgroup@...
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Thanks for your answer, now it seems more clear. I downloaded hardened-livecd-2005.1.iso
, but I can not use rlpkg to re-label directly from the livedcd system.<br><br>How about this idea: <br> (1) cp -a / to a USB Storage disk with jfs file system
<br> (2) mount the USB Storage jfs file system <br> (3) rlpkg -a -r<br> (4) boot from the hardened-livecd-2005.1.iso, cp -a the new labled system back.<br>Can these steps solved the problem?<br><span><br>
<br>Walter</span><div><span><br><br>
<br><br><div><span class="gmail_quote">On 9/11/07, <b class="gmail_sendername">Remy Bosch</b> <<a href="mailto:remybosch@..." target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">remybosch@...
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
guo walter wrote:<br>> Yep, my question should be the same thing with thread, and it seems<br>> there no clear solution by now, doesn't it?<br><br>Alas, no. Not as simple as in the past without selinux ;)<br>The thing here, is that at some point have a running system, but there
<br>are a few directories/files that need labeling, which cannot be done<br>straight forward, because they're used. You need the bare filesystem<br>as-is, so mount your root somewhere else and label them as wanted. It
<br>takes care of the first warnings. After that, you'll have to ask/read<br>around as information is a bit fragmented. There isn't a full easy howto<br>yet, though there are some very good starter point's - sorry, I don't
<br>have the adresses at hand here.<br><br>Good luck,<br><br><br>Remy<br><br>--<br><a href="mailto:gentoo-hardened@g.o" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">gentoo-hardened@g.o
</a> mailing list<br><br></blockquote></div><br>
</span></div></blockquote></div><br>
</span></div></blockquote></div><br>
|
