Archives
Archives
| From: | nixnut <nixnut@×××××.nl> |
|---|---|
| To: | gentoo-hardened@l.g.o |
| Subject: | Re: [gentoo-hardened] selinux + pty problem |
| Date: | Sat, 10 Apr 2004 18:48:11 |
| Message-Id: | 1081622881018725@lycos-europe.com |
| 1 | G'day all, |
| 2 | |
| 3 | > Why not just use |
| 4 | udev? It can make |
| 5 | all (or atleast |
| 6 | most) of your |
| 7 | devices |
| 8 | > without the use of |
| 9 | devfs, and is |
| 10 | selinux-compatable. |
| 11 | Gentoo even supports |
| 12 | > it in the init |
| 13 | scripts and has this |
| 14 | doc for it: |
| 15 | > |
| 16 | http://www.gentoo.org/doc/en/udev-guide.xml |
| 17 | |
| 18 | Ok, did that. Now I |
| 19 | get an awful lot of |
| 20 | messages like: |
| 21 | avc: denied { search |
| 22 | } for pid=1 |
| 23 | exe=/sbin/init dev= |
| 24 | ino=2873 |
| 25 | scontext=sytem |
| 26 | _u:system_r:init_t |
| 27 | tcontext=system_u:object_r:unlabeled_t |
| 28 | tclass=dir |
| 29 | What all the |
| 30 | messages have in |
| 31 | common is the |
| 32 | "unlabeled_t" part. |
| 33 | |
| 34 | And when logging |
| 35 | into a vc: |
| 36 | Warning! Could not |
| 37 | get current context |
| 38 | for /dev/vc/2, not |
| 39 | relabeling. |
| 40 | Warning! Could not |
| 41 | get current context |
| 42 | for /dev/vcs2, not |
| 43 | relabeling. |
| 44 | Warning! Could not |
| 45 | get current context |
| 46 | for /dev/vcsa2, not |
| 47 | relabeling. |
| 48 | |
| 49 | And "ls -l --context |
| 50 | /dev" shows that |
| 51 | indeed the devices |
| 52 | have no context. |
| 53 | My guess is that |
| 54 | this is the cause of |
| 55 | the problems. Is |
| 56 | that correct? If so, |
| 57 | how |
| 58 | do I fix that. If |
| 59 | not, what is really |
| 60 | going on? |
| 61 | Any help is greatly |
| 62 | appreciated. |
| 63 | |
| 64 | regards, |
| 65 | nixnut |
| 66 | |
| 67 | www.lycosmail.nl - Gratis 15 MB mailbox - Nu ook hotmail via Lycos Mail! |