| 1 |
Hi guys, |
| 2 |
|
| 3 |
I am finishing a brand new Selinux install. I have still 3 avc denied |
| 4 |
message types when i boot up on enforcing mode. I hope anyone could help |
| 5 |
me in understanding why they are showing up ... i m quite a newbie so |
| 6 |
please be kind with me ;-). |
| 7 |
|
| 8 |
- the first denied concerns init running on system_u:system_r:init_t |
| 9 |
context , trying to do a getcap on a process class object with context |
| 10 |
system_u:system_r:init_t |
| 11 |
|
| 12 |
- the second denieds concerns processes run from modules-update script |
| 13 |
(id,mv,cp ..) scontext=system_u:system_r:update_modules_t trying to |
| 14 |
search directories like /var /usr etc .... : i had a look @ modutil.te |
| 15 |
and there is a bunch of dontaudit which seems to take care of this. Why |
| 16 |
do i see those denied then ? is it a well-known bug ? |
| 17 |
|
| 18 |
- the last denieds are issued by unix_chkpwd |
| 19 |
scontext=system_u:system_r:system_chkpwd_t |
| 20 |
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file |
| 21 |
|
| 22 |
Thanks in advance |
| 23 |
|
| 24 |
Regards |
| 25 |
|
| 26 |
Sebastien. |
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives