Gentoo Archives: gentoo-security

From: Chris PeBenito <pebenito@g.o>
To: fisch <fisch@××××××××××××.de>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SELinux and user-crontab
Date: Thu, 15 Jan 2004 19:38:05
Message-Id: 1074195349.5176.79.camel@chris.pebenito.net
In Reply to: Re: [gentoo-security] SELinux and user-crontab by fisch
On Thu, 2004-01-15 at 05:25, fisch wrote:
> I start ssh at boot (rc-update add sshd default) - is that the problem?
No, this works. Make sure that sshd runs in system_u:system_r:sshd_t (you can see by doing ps -AZ).
> > > b) user bob can't create a crontab for themself > > > what I have to do? > > my user bob: > uid=1001(bob) gid=408(cms) groups=408(cms),100(users) > context=bob:user_r:user_t
Ok, theres two things to do. Add your user bob to the cron group (usermod -G). Then apply the attached patch to your policy: cd /etc/security/selinux/src/policy patch -p1 < /path/to/opt.diff make load Then everything should work. The attached patch has already been applied to the cvs base-policy. -- Chris PeBenito <pebenito@g.o> Developer, Hardened Gentoo Linux Embedded Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

Attachments

File name MIME type
opt.diff text/x-patch
signature.asc application/pgp-signature