Gentoo Archives: gentoo-hardened

From: Chris PeBenito <pebenito@g.o>
To: Robert Paskowitz <rpaskowitz@×××××××××.ca>
Cc: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux init denial on startup
Date: Wed, 02 Jun 2004 14:29:38
Message-Id: 1086186571.6551.30.camel@gorn.pebenito.net
In Reply to: [gentoo-hardened] SELinux init denial on startup by Robert Paskowitz
On Tue, 2004-06-01 at 13:23, Robert Paskowitz wrote:
> audit(1086055551.860:0): avc: denied { search } for pid=1
> exe=/sbin/init name=vcs1 dev= ino=607 scontext=system_u:system_r:init_t
> tcontext=system_u:object_r:sysfs_t tclass=dir

This one is a puzzler. I bet it's not fatal.

> audit(1086055554.481:0): avc: denied { search } for pid=325
> exe=/bin/bash name=run dev=hdb3 ino=1812855
> scontext=system_u:system_r:update_modules_t
> tcontext=system_u:object_r:var_run_t tclass=dir

This one isn't fatal, I fixed it in the cvs policy.

> audit(1086055582.167:0): avc: denied { append } for pid=5430
> exe=/usr/sbin/syslog-ng name=tty12 dev=hdb3 ino=98640
> scontext=system_u:system_r:syslogd_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file
> audit(1086055582.168:0): avc: denied { setattr } for pid=5430
> exe=/usr/sbin/syslog-ng name=tty12 dev=hdb3 ino=98640
> scontext=system_u:system_r:syslogd_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file

You need to uncomment the tty line in syslogd.fc:

# The syslog can log to this tty:
#/dev/tty12 -c system_u:object_r:syslogd_tty_device_t

Then `chcon system_u:object_r:syslogd_tty_device_t /dev/tty12`

> audit(1086055582.167:0): avc: denied { search } for pid=5430
> exe=/usr/sbin/syslog-ng name=vc dev= ino=181
> scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:sysfs_t
> tclass=dir

This one is probably happening for the same reason as the one for init.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

Attachments

File name MIME type
signature.asc application/pgp-signature
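
The following is an added example, not part of the original message or of the Gentoo policy tooling: a small parser for the `avc: denied` records quoted above that merges them by source type, target type and class, which makes it visible that the two tty12 denials are one labeling issue and that the init and syslog-ng denials share the `sysfs_t` target. The function names are hypothetical; the sample lines are the ones from the message with the mail's line wrapping rejoined.

```python
import re
from collections import defaultdict

# Denials quoted in the message above, with the mail's line wrapping rejoined.
SAMPLE = """\
audit(1086055551.860:0): avc: denied { search } for pid=1 exe=/sbin/init name=vcs1 dev= ino=607 scontext=system_u:system_r:init_t tcontext=system_u:object_r:sysfs_t tclass=dir
audit(1086055554.481:0): avc: denied { search } for pid=325 exe=/bin/bash name=run dev=hdb3 ino=1812855 scontext=system_u:system_r:update_modules_t tcontext=system_u:object_r:var_run_t tclass=dir
audit(1086055582.167:0): avc: denied { append } for pid=5430 exe=/usr/sbin/syslog-ng name=tty12 dev=hdb3 ino=98640 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
audit(1086055582.168:0): avc: denied { setattr } for pid=5430 exe=/usr/sbin/syslog-ng name=tty12 dev=hdb3 ino=98640 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
audit(1086055582.167:0): avc: denied { search } for pid=5430 exe=/usr/sbin/syslog-ng name=vc dev= ino=181 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:sysfs_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Parse one 'avc: denied' record into a dict (None if the line is not one).
    Fields are key=value; a value may be empty, as with dev= on sysfs."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group(1).split()}
    for key, value in re.findall(r"(\w+)=(\S*)", m.group(2)):
        rec[key] = value
    return rec

def type_of(context):
    """Type is the third field of user:role:type; malformed input is returned as-is."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(text):
    """Merge denials by (source type, target type, class) -> sorted permissions."""
    merged = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and {"scontext", "tcontext", "tclass"} <= rec.keys():
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
            merged[key].update(rec["perms"])
    return {k: sorted(v) for k, v in merged.items()}

def by_target(summary):
    """Group source types by target type, to spot denials that share one target."""
    out = defaultdict(list)
    for (src, tgt, _cls) in summary:
        out[tgt].append(src)
    return dict(out)

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```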