1 |
Hi guys, |
2 |
|
3 |
I am finishing a brand new Selinux install. I have still 3 avc denied |
4 |
message types when i boot up on enforcing mode. I hope anyone could help |
5 |
me in understanding why they are showing up ... i m quite a newbie so |
6 |
please be kind with me ;-). |
7 |
|
8 |
- the first denied concerns init running on system_u:system_r:init_t |
9 |
context , trying to do a getcap on a process class object with context |
10 |
system_u:system_r:init_t |
11 |
|
12 |
- the second denieds concerns processes run from modules-update script |
13 |
(id,mv,cp ..) scontext=system_u:system_r:update_modules_t trying to |
14 |
search directories like /var /usr etc .... : i had a look @ modutil.te |
15 |
and there is a bunch of dontaudit which seems to take care of this. Why |
16 |
do i see those denied then ? is it a well-known bug ? |
17 |
|
18 |
- the last denieds are issued by unix_chkpwd |
19 |
scontext=system_u:system_r:system_chkpwd_t |
20 |
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file |
21 |
|
22 |
Thanks in advance |
23 |
|
24 |
Regards |
25 |
|
26 |
Sebastien. |
27 |
|
28 |
|
29 |
|
30 |
|
31 |
|
32 |
-- |
33 |
gentoo-hardened@g.o mailing list |