| 1 |
Thanks Petre, |
| 2 |
|
| 3 |
I switched to static dev, relabled all that and i have far less denied |
| 4 |
message now (3 in all :-D) i will dig those out .... |
| 5 |
|
| 6 |
Thanks again. |
| 7 |
|
| 8 |
Seb. |
| 9 |
|
| 10 |
|
| 11 |
Petre Rodan wrote: |
| 12 |
> Hi, |
| 13 |
> |
| 14 |
> On Wed, Jun 07, 2006 at 04:27:39PM +0200, sebastien Pastor wrote: |
| 15 |
> |
| 16 |
>> Hello guys, |
| 17 |
>> |
| 18 |
>> This is my very first POST to the list. I ve been reading a lot on |
| 19 |
>> selinux for a week now, so i felt i could start installing one system |
| 20 |
>> based on the gentoo selinux project of course. |
| 21 |
>> I followed the handbook and now i have a system up and runnig except |
| 22 |
>> that straight from the begining i have avc access denied message during |
| 23 |
>> the boot. Basically every access from the init process is denied : like |
| 24 |
>> |
| 25 |
>> "avc denied {read write } for pid=1 comm="init" name="console" dev=hda4 |
| 26 |
>> ino=301684 scontect=system_u:system_r:init_t |
| 27 |
>> tcontext=system_u:object_r:file_t tclass=chr_file" |
| 28 |
>> |
| 29 |
> |
| 30 |
> init tries to read and write to /dev/console, but /dev/console has a wrong label. |
| 31 |
> |
| 32 |
> this is how it should look like: |
| 33 |
> |
| 34 |
> muttley ~ # ls -alZ /dev/console |
| 35 |
> crw------- root tty system_u:object_r:console_device_t /dev/console |
| 36 |
> |
| 37 |
> yours is system_u:object_r:file_t, which is a bad thing. |
| 38 |
> |
| 39 |
> I presume you're using udev, maybe someone else can guide you on that path. |
| 40 |
> I can only recommend switching to static dev. |
| 41 |
> |
| 42 |
> cheers, |
| 43 |
> peter |
| 44 |
> |
| 45 |
> |
| 46 |
|
| 47 |
-- |
| 48 |
gentoo-hardened@g.o mailing list |
Archives