| 1 |
Hi, I installed selinux to try it out, and I have several problems. Since I am |
| 2 |
running it on a workstation -- I know, workstations are not supported yet-- |
| 3 |
therefore I am using permissive mode: |
| 4 |
|
| 5 |
SELinux status: enabled |
| 6 |
SELinuxfs mount: /selinux |
| 7 |
Current mode: permissive |
| 8 |
Policy version: 17 |
| 9 |
|
| 10 |
Policy booleans: |
| 11 |
user_ping inactive |
| 12 |
|
| 13 |
1. After I su to root and try /etc/init.d/xxx restart, I get: |
| 14 |
|
| 15 |
cannot find your entry in the passwd file. |
| 16 |
authentication failed. |
| 17 |
|
| 18 |
But if I login from console, then it works ok. I made sure I installed selinux |
| 19 |
version of required packages. Su doesn't seem to change the roles/types.. |
| 20 |
I tried newrole, but same error. What am I missing? |
| 21 |
|
| 22 |
2. I had moved several portage directories to some other partitions. Because |
| 23 |
of that this happens: |
| 24 |
|
| 25 |
euse -i selinux |
| 26 |
EUSE exiting with following errors: |
| 27 |
requires read permissions for /etc/make.profile/../use.desc. |
| 28 |
requires read permissions for /etc/make.profile/../use.local.desc. |
| 29 |
|
| 30 |
This may be related to symlink following security restriction in the kernel. |
| 31 |
Is there a workaround to this problem? I started grepping use.desc manually. |
| 32 |
|
| 33 |
3. Several times I had to go and modify /etc/make.profile/virtuals. Default |
| 34 |
virtuals only has: |
| 35 |
|
| 36 |
virtual/bootloader sys-boot/grub |
| 37 |
virtual/linux-sources sys-kernel/selinux-sources |
| 38 |
virtual/ruby dev-lang/ruby |
| 39 |
|
| 40 |
I can't emerge update system! e.g. I had to add "virtual/glibc |
| 41 |
sys-libs/glibc" by hand as fourth entry, and even more is required. I |
| 42 |
considered copying some other virtuals over this one, but it will go away |
| 43 |
after next emerge sync. I have the latest portage 2.0.50-r6. |
| 44 |
|
| 45 |
4. Is there a graphical tool to create custom .fc, .te? Any pointer to sample |
| 46 |
policy creation? I will go ahead try to vi some, but it would be nice to have |
| 47 |
one guide. Any directions to posting new custom security policies, or |
| 48 |
obtaining test-versions from a pool would also help. |
| 49 |
|
| 50 |
5. How much overhead labeling create on a filesystem with millions of files ? |
| 51 |
If I ever want to remove those xattrs from a filesystem, how can I unlabel |
| 52 |
those millions of files, if there is any way to reclaim space those extended |
| 53 |
atrributes sits on? |
| 54 |
|
| 55 |
Best, |
| 56 |
Emre |
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
-- |
| 62 |
gentoo-hardened@g.o mailing list |
Archives