| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
GNUtoo@××××××.org wrote: |
| 5 |
>> because selinux-games does not exist yet. see my other mail for details on |
| 6 |
>> how to fix this. |
| 7 |
>> |
| 8 |
> searching for your other mail i found that selinux-games is in portage but |
| 9 |
> it doesn't relabel the games in /usr/games/bin such as nexuiz and |
| 10 |
> tremulous...even after a filesystem relabel |
| 11 |
Do you mean that other binaries do get relabeled in /usr/games/bin? |
| 12 |
(that's unlikely) |
| 13 |
U tried restorecon ? |
| 14 |
|
| 15 |
>> your (underlying) /dev was not labeled. this has been covered not so long |
| 16 |
>> ago on this list. |
| 17 |
>> I recommend a static dev. |
| 18 |
> i don't know much about selinux but i think it's labeled |
| 19 |
> # ls -Z |
| 20 |
> lrwxrwxrwx root root system_u:object_r:device_t agpgart -> |
| 21 |
> misc/agpgart |
| 22 |
[snip] |
| 23 |
> lrwxrwxrwx root root system_u:object_r:device_t audio -> |
| 24 |
> crw-rw---- root tty system_u:object_r:tty_device_t vcsa7 |
| 25 |
> lrwxrwxrwx root root system_u:object_r:device_t video0 -> |
| 26 |
> v4l/video0 |
| 27 |
> drwxr-xr-x root root system_u:object_r:device_t video1394 |
| 28 |
> crw-rw-rw- root root system_u:object_r:zero_device_t zero |
| 29 |
> i don't know how the boot process work with udev so mabe it labels them |
| 30 |
> too late in the boot process |
| 31 |
Yes, I think so. That's why it was suggested that you use a static /dev. |
| 32 |
|
| 33 |
>> not sure what you try to mount here |
| 34 |
> shm /dev/shm tmpfs |
| 35 |
> nodev,nosuid,noexec,rw 0 0 |
| 36 |
> |
| 37 |
> mabe (i want to keep udev) i'll add the enforce mode when the boot process |
| 38 |
> has finished |
| 39 |
IIRC, you can use udev + tmpfs for /dev (as tmpfs also supports security |
| 40 |
labels) |
| 41 |
|
| 42 |
>> no servers here needing modules, sorry. |
| 43 |
>> |
| 44 |
> i don't understand |
| 45 |
Modules aren't really needed (or recommended) for secure servers. |
| 46 |
|
| 47 |
Antoine |
| 48 |
|
| 49 |
> |
| 50 |
> thanks a lot for responding me...i'm a selinux newbee |
| 51 |
> |
| 52 |
|
| 53 |
-----BEGIN PGP SIGNATURE----- |
| 54 |
Version: GnuPG v2.0.4 (GNU/Linux) |
| 55 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 56 |
|
| 57 |
iD8DBQFGbxFmGK2zHPGK1rsRCscKAJ9/sokTaK+BIzy7NRIRiuoH8vR3rgCfao+d |
| 58 |
PDC/oBsGmTiSMy33zAhYodg= |
| 59 |
=IWZ5 |
| 60 |
-----END PGP SIGNATURE----- |
| 61 |
-- |
| 62 |
gentoo-hardened@g.o mailing list |
Archives