Gentoo Archives: gentoo-hardened

From: Florian Tischler <flo_list2007@×××××.at>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Problem with SELinux policy
Date: Mon, 17 Mar 2008 13:07:35
Message-Id: 200803171407.14083.flo_list2007@floti.at
In Reply to: Re: [gentoo-hardened] Problem with SELinux policy by Chris PeBenito
On Thursday, 13 March 2008, Chris PeBenito wrote:
> On Thu, 2008-03-13 at 17:01 +0100, Björn Fahller wrote:
> > On Thursday 13 March 2008 16.27.51 Chris PeBenito wrote:
> > > On Thu, 2008-03-13 at 15:26 +0100, Björn Fahller wrote:
> > > > Adding 977216k swap on /dev/hda1. Priority:-1 extents:1
> > > > across:977216k audit(1205311359.150:6): avc: denied { write } for
> > > > pid=2470 comm="runscript.sh" name="resolv.conf" dev=hda2 ino=46223216
> > > > scontext=system_u:system_r:initrc_t
> > > > tcontext=system_u:object_r:net_conf_t tclass=file
> > > > audit(1205311359.154:7): avc: denied { setattr } for pid=2525
> > > > comm="chmod" name="resolv.conf" dev=hda2 ino=46223216
> > > > scontext=system_u:system_r:initrc_t
> > > > tcontext=system_u:object_r:net_conf_t tclass=file
> > >
> > > Do you use net-dns/resolvconf-gentoo?
> >
> > No. Would it help?
>
> It was the only thing I could find that chmod'ed resolv.conf. I guess
> it requires more investigation.

Hi,

the chmod is in the script /lib/rcscripts/net/system.sh

Florian

> > > > eth0: link up, 100Mbps, full-duplex
> > > > audit(1205311366.898:11): avc: denied { nlmsg_write } for
> > > > pid=3576 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t
> > >
> > > I'll have to do some investigation on this one.
> >
> > If you use VirtualBox, I can give you the experiment machine to look
> > into.
>
> As a personal policy, I don't log on/connect to other people's machines.
> However, after a little more thought, it's likely ok. It's probably from
> setting up the routing tables, which would be expected.

--
Florian Tischler
mailto:flo_list2007@×××××.at
icq:11754147
--
gentoo-hardened@l.g.o mailing list
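
Added example, not part of the original thread and not code from any SELinux or Gentoo tool: a small Python parser that groups the AVC denials quoted above by source type, target type and object class, so the two resolv.conf denials show up as one initrc_t to net_conf_t pair raised by different commands. The function names are hypothetical; the sample lines are re-joined from the wrapped quotes, and the dhcpcd record is kept incomplete exactly as quoted.

```python
import re
from collections import defaultdict

# Sample input re-joined from the wrapped, quoted lines in the thread.
# The dhcpcd denial is quoted without tcontext/tclass and stays that way.
SAMPLE = [
    'eth0: link up, 100Mbps, full-duplex',
    'audit(1205311359.150:6): avc: denied { write } for pid=2470 '
    'comm="runscript.sh" name="resolv.conf" dev=hda2 ino=46223216 '
    'scontext=system_u:system_r:initrc_t '
    'tcontext=system_u:object_r:net_conf_t tclass=file',
    'audit(1205311359.154:7): avc: denied { setattr } for pid=2525 '
    'comm="chmod" name="resolv.conf" dev=hda2 ino=46223216 '
    'scontext=system_u:system_r:initrc_t '
    'tcontext=system_u:object_r:net_conf_t tclass=file',
    'audit(1205311366.898:11): avc: denied { nlmsg_write } for '
    'pid=3576 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of key=value fields plus 'perms', or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec['perms'] = m.group(1).split()
    return rec

def sel_type(context):
    """Extract the type from user:role:type[:level]; None if absent or malformed."""
    parts = context.split(':') if context else []
    return parts[2] if len(parts) >= 3 else None

def group_denials(lines):
    """Group denials by (source type, target type, class); set aside truncated records."""
    groups = defaultdict(lambda: {'perms': set(), 'comms': set()})
    incomplete = []
    for rec in filter(None, map(parse_avc, lines)):
        key = (sel_type(rec.get('scontext')), sel_type(rec.get('tcontext')), rec.get('tclass'))
        if None in key:
            incomplete.append(rec)  # cannot attribute without the full triple
            continue
        groups[key]['perms'].update(rec['perms'])
        groups[key]['comms'].add(rec.get('comm'))
    return dict(groups), incomplete

if __name__ == '__main__':
    groups, incomplete = group_denials(SAMPLE)
    for (src, tgt, cls), info in groups.items():
        print(src, '->', tgt, cls, sorted(info['perms']), 'via', sorted(info['comms']))
    for rec in incomplete:
        print('incomplete record:', rec.get('comm'), rec['perms'])
```

Grouping by type pair rather than by command name makes it visible that both `runscript.sh` and `chmod` are denied while running in `initrc_t`, which matches the observation that the chmod comes from an init script.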