| 1 |
On 16.03.2007, at 17:40, Stephen Fromm wrote: |
| 2 |
|
| 3 |
> Aside from disabling selinux entirely with the kernel paramater |
| 4 |
> selinux=0 (as previously described), you can also run selinux in |
| 5 |
> permissive mode. In this case, it will allow anything and log what |
| 6 |
> would have been denied in enforcing mode. |
| 7 |
|
| 8 |
I wanted to try out SELinux but not lock me out of my system. |
| 9 |
Therefore i used permissive mode. Now the 100s of error messages in |
| 10 |
dmesg |
| 11 |
|
| 12 |
" |
| 13 |
audit(1175815400.344:300): avc: denied { read write } for pid=7223 |
| 14 |
comm="su" name="access" dev=selinuxfs ino=6 ipaddr=*censored* |
| 15 |
scontext=user_u:user_r:user_t tcontext=system_u:object_r:security_t |
| 16 |
tclass=file |
| 17 |
" |
| 18 |
|
| 19 |
got on my nerves, so i decided to disable SELinux until i find more |
| 20 |
time to read all the docs and solve theese issues: |
| 21 |
|
| 22 |
" |
| 23 |
chris ~ # cat /proc/cmdline |
| 24 |
root=/dev/hda3 noexec=on selinux=0 |
| 25 |
chris ~ # selinuxenabled && echo 1 |
| 26 |
1 |
| 27 |
" |
| 28 |
|
| 29 |
Well... looks like it did not work. Any idea what i could do? |
| 30 |
|
| 31 |
Philipp |
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives