Gentoo Archives: gentoo-hardened

From: Markus Bartl <hardened@××××××××××××××××.de>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux boot errors
Date: Wed, 01 Oct 2008 19:59:01
Message-Id: 48E3D67A.7000904@noack-ingenieure.de
In Reply to: Re: [gentoo-hardened] SELinux boot errors by William Keaney
William Keaney wrote:
>
>
> On Wed, Oct 1, 2008 at 2:45 AM, Markus Bartl
> <hardened@××××××××××××××××.de>
> wrote:
>
> Hi Folks!
>
> I'm now able to boot up in enforcing mode and log in to my system.
>
> What I still get is
> Sep 30 10:20:01 odin type=1400 audit(1222762783.108:5): avc:
> denied { read write } for pid=1278 comm="modprobe"
> path="/dev/null" dev=tmpfs ino=1330
> scontext=system_u:system_r:insmod_t
> tcontext=system_u:object_r:device_t tclass=chr_file
> ...
> Sep 30 10:20:01 odin type=1400 audit(1222762796.338:19): avc:
> denied { write } for pid=2882 comm="runscript.sh"
> name="resolv.conf" dev=sda3 ino=1999328
> scontext=system_u:system_r:initrc_t
> tcontext=system_u:object_r:net_conf_t tclass=file
> Sep 30 10:20:01 odin type=1400 audit(1222762801.746:21): avc:
> denied { search } for pid=3681 comm="syslog-ng" name="lib"
> dev=sda3 ino=770262 scontext=system_u:system_r:syslogd_t
> tcontext=system_u:object_r:var_lib_t tclass=dir
> Sep 30 10:35:05 odin type=1400 audit(1222763686.716:3): avc:
> denied { write } for pid=1150 comm="bash" name="null" dev=tmpfs
> ino=1330 scontext=system_u:system_r:initrc_t
> tcontext=system_u:object_r:device_t tclass=chr_file
>
> I'm not quite sure if the /dev/null thing is really a problem, but
> the resolv.conf thing is one, because I don't get an IP from DHCP
> later on during boot.
> Again any ideas are welcome.
>
> Regards,
> Markus
>
>
> The /dev/null thing is due to a temporary mislabeling of the nodes
> under /dev/ during udev initialization. I have submitted a patch to
> Chris PeBenito that should fix this.
>
> Will
OK, that's one thing.
But the real nasty thing is the denial of write access to resolv.conf
which leads to an improper network configuration.
I would really be happy about any suggestions.

Markus
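
For triaging denials like the ones quoted in this thread, the following added example (not part of the original message and not a Gentoo or SELinux tool) parses AVC lines and groups them by source type, target type and object class. The function names and the `device_t` mislabeling heuristic are assumptions of this example; the sample log is the four denials from the message, re-joined onto single lines.

```python
import re
from collections import defaultdict

# The four denials quoted in the message above, re-joined onto single lines.
SAMPLE_LOG = """\
Sep 30 10:20:01 odin type=1400 audit(1222762783.108:5): avc: denied { read write } for pid=1278 comm="modprobe" path="/dev/null" dev=tmpfs ino=1330 scontext=system_u:system_r:insmod_t tcontext=system_u:object_r:device_t tclass=chr_file
Sep 30 10:20:01 odin type=1400 audit(1222762796.338:19): avc: denied { write } for pid=2882 comm="runscript.sh" name="resolv.conf" dev=sda3 ino=1999328 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:net_conf_t tclass=file
Sep 30 10:20:01 odin type=1400 audit(1222762801.746:21): avc: denied { search } for pid=3681 comm="syslog-ng" name="lib" dev=sda3 ino=770262 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_lib_t tclass=dir
Sep 30 10:35:05 odin type=1400 audit(1222763686.716:3): avc: denied { write } for pid=1150 comm="bash" name="null" dev=tmpfs ino=1330 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:device_t tclass=chr_file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("comm", "scontext", "tcontext", "tclass")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not a complete one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not all(k in rec for k in REQUIRED):
        return None  # truncated or wrapped line: skip rather than guess
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:mls]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
            g["perms"].update(rec["perms"])
            g["comms"].add(rec["comm"])
    return dict(groups)

def looks_mislabeled(ttype, tclass):
    """Heuristic (assumption): a device node still typed generic device_t has
    probably not been relabeled yet, so check its label before changing policy."""
    return ttype == "device_t" and tclass in ("chr_file", "blk_file")

if __name__ == "__main__":
    for (s, t, c), g in sorted(summarize(SAMPLE_LOG).items()):
        note = "  <- check labels under /dev" if looks_mislabeled(t, c) else ""
        print(f"{s} -> {t}:{c} {{ {' '.join(sorted(g['perms']))} }} via {sorted(g['comms'])}{note}")
```
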

Replies

Subject Author
Re: [gentoo-hardened] SELinux boot errors Mike Edenfield <kutulu@××××××.org>