Matt Harrison wrote:
> Hi all,
>
> I've recently converted one of our firewall/router/proxies to a hardened
> system.
>
> I changed the profile, rebuilt a kernel with selinux and recompiled all
> necessary packages.
>
> Everything seems to be ok until I set enforcing mode to on, then I get
> locked out of everything:
>
> permission denied on many binaries, ls, cat, echo etc.
> permission on some directories, i.e. /root, missing.
> unable to login as perms on bash are gone.
>
> I also notice that courier-imap refuses to run in the right context and
> always runs as system_u:system_r:initrc_t.
>
> I previously installed a virtual machine with selinux etc to see if I
> could get my head round it and it all worked fine.
>
> What could be the reason for me getting locked out of my system when
> enforce mode is enabled?
>
> BTW I have relabeled filesystems several times as it looked originally
> like things just weren't labeled, however they seem fine until enforce
> mode is enabled.
>
> Grateful for any help.
>
> Thanks
>
> Matt
>

No-one has any clues on this? selinux seems like a good idea for our
firewalls and routers but I don't want to get locked out when running
enforced.

Thanks

Matt