Gentoo Archives: gentoo-hardened

From: GNUtoo@××××××.org
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] selinux and aselayout2 ,selinux and games(games_exec_t)
Date: Sun, 10 Jun 2007 15:15:53
Message-Id: 33007.AQdWDl5SDH8=.1181488409.squirrel@webmail.no-log.org
Hello, I just installed SELinux and read the manual... I have some questions
about SELinux:

* Are there any tools compatible with the 2006.1 profile in portage that can
make security policies for applications such as tremulous and nexuiz? I
searched a bit on the net and I found a solution:
http://www.nsa.gov/selinux/list-archive/0702/19543.cfm
using runcon to change the context in which the games are run, but it
seems that it's not supported yet:
# runcon -c -u system_u -r object_r -t games_exec_t ./nexuiz
system_u:object_r:games_exec_t is not a valid context


* How do I make boot possible with the enforcement mode on? I have some denials:
audit(1181367493.741:3): avc: denied { read write } for pid=1231
comm="hotplug" name="tty" dev=md3 ino=20710227
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1181367495.241:4): avc: denied { read write } for pid=1267
comm="mount" name="console" dev=md3 ino=20709389
scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1181367495.241:5): avc: denied { read write } for pid=1286
comm="restorecon" name="console" dev=md3 ino=20709389
scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1181367501.240:6): avc: denied { read write } for pid=3414
comm="dmsetup" name="console" dev=md3 ino=20709389
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1181367501.240:7): avc: denied { mounton } for pid=3428
comm="mount" name="tmp" dev=md3 ino=6668330
scontext=system_u:system_r:mount_t tcontext=system_u:object_r:lib_t
tclass=dir
audit(1181360304.943:8): avc: denied { getattr } for pid=3496
comm="update-modules" name="rc" dev=md3 ino=19466647
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:9): avc: denied { execute } for pid=3497
comm="update-modules" name="rc" dev=md3 ino=19466647
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:10): avc: denied { execute_no_trans } for pid=3497
comm="update-modules" name="rc" dev=md3 ino=19466647
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:11): avc: denied { read } for pid=3497
comm="update-modules" name="rc" dev=md3 ino=19466647
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360306.943:12): avc: denied { read } for pid=3495
comm="update-modules" name="build" dev=md3 ino=7575114
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:modules_object_t tclass=lnk_file
audit(1181360306.943:13): avc: denied { read } for pid=7144
comm="update-modules" name="linux-2.6.21-rt2" dev=md3 ino=2539665
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:src_t tclass=dir

Here I have sys-apps/baselayout-2.0.0_alpha3-r1
--
gentoo-hardened@g.o mailing list
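A small triage helper for the boot-time denials in the mail above, added here as an example and not part of the original post or of any Gentoo tool: it re-joins AVC records that the mail client wrapped across several lines, groups them by source domain, target type and object class with the union of denied permissions, and separately lists targets of type file_t, the type the reference policy gives to objects that carry no label at all (so those entries point at a labelling question rather than a policy rule). The sample input reproduces four of the records from the post; the function names and the grouping scheme are the example's own.

```python
import re
from collections import defaultdict

# Sample input: four AVC records reproduced from the post above, including
# the line wrapping introduced by the mail client.
SAMPLE_LOG = """\
audit(1181367493.741:3): avc: denied { read write } for pid=1231
comm="hotplug" name="tty" dev=md3 ino=20710227
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1181367501.240:7): avc: denied { mounton } for pid=3428
comm="mount" name="tmp" dev=md3 ino=6668330
scontext=system_u:system_r:mount_t tcontext=system_u:object_r:lib_t
tclass=dir
audit(1181360304.943:9): avc: denied { execute } for pid=3497
comm="update-modules" name="rc" dev=md3 ino=19466647
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
audit(1181360304.943:10): avc: denied { execute_no_trans } for pid=3497
comm="update-modules" name="rc" dev=md3 ino=19466647
scontext=system_u:system_r:update_modules_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
"""

# Header of one AVC record: timestamp:serial, the permission set, then key=value fields.
AVC_RE = re.compile(
    r'audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc: denied \{ (?P<perms>[^}]*)\} for '
    r'(?P<fields>.*)$'
)
# key=value pairs; values are either quoted strings or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def join_records(text):
    """Re-join AVC records that were wrapped across lines: a record starts at
    'audit(' and every following non-'audit(' line belongs to it."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("audit("):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records


def parse_record(record):
    """Parse one joined AVC record into its useful parts, or None if it does not match."""
    m = AVC_RE.match(record)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "serial": int(m.group("serial")),
        "perms": set(m.group("perms").split()),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        # user:role:type -> take the type component of each context
        "sdomain": fields["scontext"].split(":")[2],
        "ttype": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def summarize(text):
    """Group denials by (source domain, target type, class); union the permissions."""
    summary = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for rec in join_records(text):
        p = parse_record(rec)
        if p is None:
            continue
        key = (p["sdomain"], p["ttype"], p["tclass"])
        summary[key]["perms"] |= p["perms"]
        summary[key]["names"].add(p["name"])
        summary[key]["count"] += 1
    return dict(summary)


def unlabeled_targets(summary):
    """Groups whose target type is file_t, i.e. objects without a label."""
    return sorted(k for k in summary if k[1] == "file_t")


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (sdom, ttype, tclass), info in sorted(s.items()):
        print(f"{sdom:>20} -> {ttype:<16} {tclass:<9} "
              f"{{ {' '.join(sorted(info['perms']))} }} "
              f"x{info['count']} names={sorted(info['names'])}")
    print("unlabeled (file_t) targets:", unlabeled_targets(s))
```

Feeding the full set of denials from the mail through `summarize` collapses the repeated update-modules entries into one line per target type, which is the shape a policy writer reads when deciding what a rule or a relabel would need to cover.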
