Gentoo Archives: gentoo-hardened

From: Jonathan <winelauncher.jonathan@××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Selinux on a desktop system (targeted mode)
Date: Thu, 04 Feb 2010 05:08:04
Message-Id: 20100204050521.62b200ab@box
I'm trying to get SELinux to work on my desktop system, but I cannot get past udev in enforcing mode.
I have removed the date, time and type=1400 from all the log lines.

audit(1264997163.292:3): avc: denied { execute_no_trans } for pid=1010 comm="udevd" path="/lib64/udev/input_id" dev=sda6 ino=2395672 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:lib_t tclass=file
audit(1264997163.317:4): avc: denied { signal } for pid=1004 comm="udevd" scontext=system_u:system_r:udev_t tcontext=system_u:system_r:initrc_t tclass=process
audit(1264997163.929:5): avc: denied { read } for pid=1004 comm="udevd" path="anon_inode:[signalfd]" dev=anon_inodefs ino=373 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:anon_inodefs_t tclass=file
audit(1264997164.072:6): avc: denied { search } for pid=1184 comm="lvm" name="950" dev=proc ino=1979 scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:initrc_t tclass=dir
audit(1264997164.072:7): avc: denied { read } for pid=1184 comm="lvm" name="cmdline" dev=proc ino=3832 scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:initrc_t tclass=file
audit(1264997164.165:8): avc: denied { getattr } for pid=1184 comm="lvm" path="/dev/shm" dev=tmpfs ino=1907 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1264997164.165:9): avc: denied { read } for pid=1184 comm="lvm" name="shm" dev=tmpfs ino=1907 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1264997164.319:10): avc: denied { read write } for pid=1212 comm="fsck" name="tty1" dev=tmpfs ino=1887 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
audit(1264997168.627:22): avc: denied { read write } for pid=1365 comm="dmesg" name="tty1" dev=tmpfs ino=1887 scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

As you can see, it's all downhill from the first error. Is this because I'm overriding a profile mask on the multilib USE flag?

I'm running an AMD64 two-core system using GNOME and the Slim login manager.
My udev version is 151-r1. I was using the stable version and I was getting the same errors.
The profile I am using is Selinux/2007.0/Amd64.
My kernel is 2.6.31-gentoo-r10.
I used the Gentoo SELinux handbook[1] to set up, well... SELinux; some parts of the handbook are years out of date.

[1] http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
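The denials quoted in the post are the kind of input one would normally feed to audit2allow. The script below is an added example, not part of the original message or of any Gentoo tool: it parses AVC lines of that shape, groups them into audit2allow-style candidate `allow` rules keyed on (source type, target type, class), and separately flags `execute_no_trans` denials on files, because a daemon executing a helper that carries a generic type (here udev_t running /lib64/udev/input_id labelled lib_t) usually points at a labeling problem to check with `matchpathcon` and `restorecon` rather than a rule that should be added to policy. The sample input is the poster's own lines embedded as a constant; the parsing regexes and the relabel heuristic are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: the AVC lines quoted in the post above, with the
# date, time and type=1400 prefix stripped exactly as the poster did.
SAMPLE_AVC = """\
audit(1264997163.292:3): avc: denied { execute_no_trans } for pid=1010 comm="udevd" path="/lib64/udev/input_id" dev=sda6 ino=2395672 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:lib_t tclass=file
audit(1264997163.317:4): avc: denied { signal } for pid=1004 comm="udevd" scontext=system_u:system_r:udev_t tcontext=system_u:system_r:initrc_t tclass=process
audit(1264997163.929:5): avc: denied { read } for pid=1004 comm="udevd" path="anon_inode:[signalfd]" dev=anon_inodefs ino=373 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:anon_inodefs_t tclass=file
audit(1264997164.072:6): avc: denied { search } for pid=1184 comm="lvm" name="950" dev=proc ino=1979 scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:initrc_t tclass=dir
audit(1264997164.072:7): avc: denied { read } for pid=1184 comm="lvm" name="cmdline" dev=proc ino=3832 scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:initrc_t tclass=file
audit(1264997164.165:8): avc: denied { getattr } for pid=1184 comm="lvm" path="/dev/shm" dev=tmpfs ino=1907 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1264997164.165:9): avc: denied { read } for pid=1184 comm="lvm" name="shm" dev=tmpfs ino=1907 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1264997164.319:10): avc: denied { read write } for pid=1212 comm="fsck" name="tty1" dev=tmpfs ino=1887 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
audit(1264997168.627:22): avc: denied { read write } for pid=1365 comm="dmesg" name="tty1" dev=tmpfs ino=1887 scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
"""

# Assumed line shape: 'avc: denied { perm [perm ...] } for key=value ...'
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')
# key=value pairs; values are either "quoted" (may contain spaces) or bare
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def context_type(ctx):
    """Return the type field of a user:role:type[:range] security context."""
    return ctx.split(':')[2]


def parse_avc(line):
    """Parse one AVC denial line; return None for lines that are not denials."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {}
    for fm in FIELD_RE.finditer(m.group('rest')):
        key, quoted, bare = fm.groups()
        fields[key] = quoted if quoted is not None else bare
    return {
        'perms': m.group('perms').split(),
        'stype': context_type(fields['scontext']),
        'ttype': context_type(fields['tcontext']),
        'tclass': fields['tclass'],
        'comm': fields.get('comm'),
        'path': fields.get('path') or fields.get('name'),
    }


def summarize(log_text):
    """Group denials into audit2allow-style candidate rules.

    Returns (rules, relabel_candidates): rules is a sorted list of
    'allow s t:c { perms };' strings; relabel_candidates lists
    (comm, path, target type) for denials worth checking for a wrong
    file label before any allow rule is written.
    """
    grouped = defaultdict(set)
    relabel = []
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        grouped[(d['stype'], d['ttype'], d['tclass'])].update(d['perms'])
        # execute_no_trans on a file means the domain ran it without a domain
        # transition; for a daemon helper that usually means the file is missing
        # its dedicated exec type (check with matchpathcon/restorecon) rather
        # than that policy needs opening up. Heuristic assumed by this example.
        if 'execute_no_trans' in d['perms'] and d['tclass'] == 'file':
            relabel.append((d['comm'], d['path'], d['ttype']))
    rules = [
        'allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(p)))
        for (s, t, c), p in sorted(grouped.items())
    ]
    return rules, relabel


if __name__ == '__main__':
    rules, relabel = summarize(SAMPLE_AVC)
    print('# candidate rules (review before loading into policy):')
    for r in rules:
        print(r)
    print('# check these labels before adding any rule:')
    for comm, path, ttype in relabel:
        print('# %s executed %s, currently labelled %s' % (comm, path, ttype))
```

Run on the sample it prints eight candidate rules and one relabel candidate (udevd executing /lib64/udev/input_id as lib_t). The rules are only a starting point for reading the log, the same way audit2allow output is: each one should be compared against what the existing policy already allows and against the file labels on the box before it goes anywhere near semodule.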

Replies

Subject Author
Re: [gentoo-hardened] Selinux on a desktop system (targeted mode) Chris Richards <gizmo@×××××××××.com>