GNUtoo@××××××.org wrote:
>> because selinux-games does not exist yet. see my other mail for details on
>> how to fix this.
>>
> searching for your other mail i found that selinux-games is in portage but
> it doesn't relabel the games in /usr/games/bin such as nexuiz and
> tremulous...even after a filesystem relabel
Do you mean that other binaries do get relabeled in /usr/games/bin?
(that's unlikely)
You tried restorecon?

>> your (underlying) /dev was not labeled. this has been covered not so long
>> ago on this list.
>> I recommend a static dev.
> i don't know much about selinux but i think it's labeled
> # ls -Z
> lrwxrwxrwx root root system_u:object_r:device_t agpgart -> misc/agpgart
[snip]
> lrwxrwxrwx root root system_u:object_r:device_t audio ->
> crw-rw---- root tty system_u:object_r:tty_device_t vcsa7
> lrwxrwxrwx root root system_u:object_r:device_t video0 -> v4l/video0
> drwxr-xr-x root root system_u:object_r:device_t video1394
> crw-rw-rw- root root system_u:object_r:zero_device_t zero
> i don't know how the boot process works with udev so maybe it labels them
> too late in the boot process
Yes, I think so. That's why it was suggested that you use a static /dev.

>> not sure what you try to mount here
> shm /dev/shm tmpfs nodev,nosuid,noexec,rw 0 0
>
> maybe (i want to keep udev) i'll add the enforce mode when the boot process
> has finished
IIRC, you can use udev + tmpfs for /dev (as tmpfs also supports security
labels)

>> no servers here needing modules, sorry.
>>
> i don't understand
Modules aren't really needed (or recommended) for secure servers.

Antoine

>
> thanks a lot for responding to me...i'm a selinux newbie
>

--
gentoo-hardened@g.o mailing list