Hello, I just installed SELinux and read the manual... I have some questions
about SELinux:

* Are there any tools compatible with the 2006.1 profile in portage that can
make security policies for applications such as tremulous and nexuiz? I
searched a bit on the net and I found a solution:
http://www.nsa.gov/selinux/list-archive/0702/19543.cfm
using runcon to change the context in which the games are run, but it
seems that it's not supported yet:

# runcon -c -u system_u -r object_r -t games_exec_t ./nexuiz
system_u:object_r:games_exec_t is not a valid context

* How do I make boot possible with the enforcement mode on? I have some denials:

audit(1181367493.741:3): avc: denied { read write } for pid=1231 comm="hotplug" name="tty" dev=md3 ino=20710227 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1181367495.241:4): avc: denied { read write } for pid=1267 comm="mount" name="console" dev=md3 ino=20709389 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1181367495.241:5): avc: denied { read write } for pid=1286 comm="restorecon" name="console" dev=md3 ino=20709389 scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1181367501.240:6): avc: denied { read write } for pid=3414 comm="dmsetup" name="console" dev=md3 ino=20709389 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1181367501.240:7): avc: denied { mounton } for pid=3428 comm="mount" name="tmp" dev=md3 ino=6668330 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:lib_t tclass=dir
audit(1181360304.943:8): avc: denied { getattr } for pid=3496 comm="update-modules" name="rc" dev=md3 ino=19466647 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:9): avc: denied { execute } for pid=3497 comm="update-modules" name="rc" dev=md3 ino=19466647 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:10): avc: denied { execute_no_trans } for pid=3497 comm="update-modules" name="rc" dev=md3 ino=19466647 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:11): avc: denied { read } for pid=3497 comm="update-modules" name="rc" dev=md3 ino=19466647 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360306.943:12): avc: denied { read } for pid=3495 comm="update-modules" name="build" dev=md3 ino=7575114 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
audit(1181360306.943:13): avc: denied { read } for pid=7144 comm="update-modules" name="linux-2.6.21-rt2" dev=md3 ino=2539665 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:src_t tclass=dir

Here I have sys-apps/baselayout-2.0.0_alpha3-r1.
--
gentoo-hardened@g.o mailing list
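An added example, not part of the post or of any Gentoo tool: a small Python script that parses AVC records like the ones above, merges the denied permissions per (source type, target type, class) the way audit2allow does, and flags targets labelled file_t, which in the reference policy is the type of a file that carries no label at all and so wants a relabel (restorecon / filesystem relabel) rather than an allow rule. The sample records are constructed from four of the denials in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: four AVC records taken from the post, one per line.
SAMPLE_AVC = """\
audit(1181367493.741:3): avc: denied { read write } for pid=1231 comm="hotplug" name="tty" dev=md3 ino=20710227 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1181367495.241:4): avc: denied { read write } for pid=1267 comm="mount" name="console" dev=md3 ino=20709389 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1181360304.943:8): avc: denied { getattr } for pid=3496 comm="update-modules" name="rc" dev=md3 ino=19466647 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:9): avc: denied { execute } for pid=3497 comm="update-modules" name="rc" dev=md3 ino=19466647 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:initrc_exec_t tclass=file
"""

# Permissions sit in braces; contexts are user:role:type, the type is the third field.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def parse_avc(text):
    """Return one dict per AVC denial record found in text."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        records.append({
            "perms": set(m.group("perms").split()),
            "stype": m.group("scontext").split(":")[2],
            "ttype": m.group("tcontext").split(":")[2],
            "tclass": m.group("tclass"),
        })
    return records

def summarize(records):
    """Merge denied permissions per (source type, target type, object class)."""
    merged = defaultdict(set)
    for r in records:
        merged[(r["stype"], r["ttype"], r["tclass"])] |= r["perms"]
    return merged

def suggest(merged):
    """One line per triple: an allow rule, or a relabel hint when the target is unlabeled (file_t)."""
    out = []
    for (stype, ttype, tclass), perms in sorted(merged.items()):
        perm_str = " ".join(sorted(perms))
        if ttype == "file_t":
            out.append(f"# {stype} -> {ttype}:{tclass} {{ {perm_str} }}: target is unlabeled, relabel it instead of allowing")
        else:
            out.append(f"allow {stype} {ttype}:{tclass} {{ {perm_str} }};")
    return out

if __name__ == "__main__":
    print("\n".join(suggest(summarize(parse_avc(SAMPLE_AVC)))))
```

Feed it the full list from the post (or `dmesg | grep avc`) to see which denials are a labelling problem and which genuinely need policy.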