Gentoo Archives: gentoo-hardened

From: Michael Metsger <themixa@×××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Problem with SELinux policy
Date: Fri, 29 Feb 2008 15:26:03
Message-Id: 621c17e70802290718u26a0bbc8hb6fbe13379146ed7@mail.gmail.com
Sorry if it is a duplicate.

I'm trying to use "selinux/2007.0/hardened/amd64" to make
gentoo-hardened with selinux. I started from
stage3-amd64-hardened-multilib-2007.0. After update, switch to new
profile and again update, booting selinux kernel and relabeling I got
a working system with many "avc: denied" messages. Some of them I
solved.
At this time I don't know how to solve these "avc: denied" correctly:

audit(1204309161.976:3): avc: denied { write } for pid=1062
comm="bash" name="null" dev=tmpfs ino=1312
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:device_t tclass=chr_file

audit(1204309162.296:4): avc: denied { read } for pid=1070
comm="write_root_link" name="console" dev=tmpfs ino=1306
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:device_t tclass=chr_file

audit(1204309162.436:5): avc: denied { execute } for pid=1117
comm="udevd" name="usb_id" dev=sda5 ino=117936
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:lib_t
tclass=file

audit(1204309162.448:6): avc: denied { execute_no_trans } for
pid=1117 comm="udevd" path="/lib64/udev/usb_id" dev=sda5 ino=117936
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:lib_t
tclass=file

audit(1204309162.640:7): avc: denied { read } for pid=1178
comm="modprobe" path="/dev/console" dev=tmpfs ino=1306
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:device_t tclass=chr_file

audit(1204309162.640:8): avc: denied { write } for pid=1178
comm="modprobe" path="/dev/null" dev=tmpfs ino=1312
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:device_t tclass=chr_file

audit(1204309162.708:9): avc: denied { getattr } for pid=1178
comm="modprobe" path="/dev/null" dev=tmpfs ino=1312
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:device_t tclass=chr_file

audit(1204309162.900:10): avc: denied { getattr } for pid=1157
comm="modprobe.sh" path="/etc/modprobe.conf" dev=sda5 ino=749327
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_conf_t tclass=file

audit(1204309162.900:11): avc: denied { read } for pid=1526
comm="grep" name="modprobe.conf" dev=sda5 ino=749327
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_conf_t tclass=file

audit(1204309163.008:12): avc: denied { sys_nice } for pid=1592
comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t
tcontext=system_u:system_r:insmod_t tclass=capability

audit(1204309163.008:13): avc: denied { setsched } for pid=1592
comm="modprobe" scontext=system_u:system_r:insmod_t
tcontext=system_u:system_r:kernel_t tclass=process

Can anybody help me or advise?
--
gentoo-hardened@l.g.o mailing list
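Added here as an illustration, not part of the original post or of any Gentoo tool: a small Python parser for the dmesg-style `audit(...): avc: denied` records quoted above. It re-joins the lines the mail client wrapped, then groups denials by source type, target type and object class into candidate `allow` rules, the same aggregation audit2allow performs, so each group can be reviewed before anything goes into a local policy module. Function names and the three sample records (copied from the post) are my own choices.

```python
import re
from collections import defaultdict

# Record layout: audit(<secs>:<serial>): avc: denied { <perms> } for <key>=<value> ...
AVC_RE = re.compile(r'audit\([\d.]+:(?P<serial>\d+)\):\s*avc:\s*denied\s*'
                    r'\{(?P<perms>[^}]*)\}\s*for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"

def parse_avc(text):
    """Return one dict per AVC record; a record starts at 'audit(' and may be wrapped over lines."""
    records = []
    for chunk in re.split(r'(?=\baudit\()', text):
        m = AVC_RE.match(' '.join(chunk.split()))   # collapse the wrapped lines first
        if m:
            rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
            rec.update(serial=int(m.group('serial')), perms=m.group('perms').split())
            records.append(rec)
    return records

def summarize(records):
    """Group by (source type, target type, class) -> permission set, as audit2allow does."""
    groups = defaultdict(set)
    for r in records:
        stype, ttype = r['scontext'].split(':')[2], r['tcontext'].split(':')[2]
        groups[(stype, ttype, r['tclass'])].update(r['perms'])
    return dict(groups)

def to_te_rules(groups):
    """Render each group as a candidate .te allow rule for review; source == target becomes 'self'."""
    rules = []
    for (s, t, c), perms in sorted(groups.items()):
        plist = ' '.join(sorted(perms))
        perm = plist if len(perms) == 1 else '{ ' + plist + ' }'
        rules.append(f"allow {s} {'self' if s == t else t}:{c} {perm};")
    return rules

# Three records copied from the post above, wrapped as a mail client would wrap them (sample input)
SAMPLE = """audit(1204309162.640:7): avc: denied { read } for pid=1178 comm="modprobe" path="/dev/console"
dev=tmpfs ino=1306 scontext=system_u:system_r:insmod_t tcontext=system_u:object_r:device_t tclass=chr_file
audit(1204309162.640:8): avc: denied { write } for pid=1178 comm="modprobe" path="/dev/null"
dev=tmpfs ino=1312 scontext=system_u:system_r:insmod_t tcontext=system_u:object_r:device_t tclass=chr_file
audit(1204309163.008:12): avc: denied { sys_nice } for pid=1592 comm="modprobe" capability=23
scontext=system_u:system_r:insmod_t tcontext=system_u:system_r:insmod_t tclass=capability
"""

if __name__ == '__main__':
    print('\n'.join(to_te_rules(summarize(parse_avc(SAMPLE)))))
```

The rendered rules are a review list, not policy to load: a generic target type such as device_t on /dev/null or /dev/console usually points at a labeling problem on the node rather than a missing rule, so check the file context before allowing anything.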