On 16.03.2007, at 17:40, Stephen Fromm wrote:

> Aside from disabling selinux entirely with the kernel parameter
> selinux=0 (as previously described), you can also run selinux in
> permissive mode. In this case, it will allow anything and log what
> would have been denied in enforcing mode.

I wanted to try out SELinux but not lock myself out of my system.
Therefore I used permissive mode. Now the 100s of error messages in
dmesg

"
audit(1175815400.344:300): avc: denied { read write } for pid=7223
comm="su" name="access" dev=selinuxfs ino=6 ipaddr=*censored*
scontext=user_u:user_r:user_t tcontext=system_u:object_r:security_t
tclass=file
"

got on my nerves, so I decided to disable SELinux until I find more
time to read all the docs and solve these issues:

"
chris ~ # cat /proc/cmdline
root=/dev/hda3 noexec=on selinux=0
chris ~ # selinuxenabled && echo 1
1
"

Well... looks like it did not work. Any idea what I could do?

Philipp
--
gentoo-hardened@g.o mailing list