| 1 |
Hi, |
| 2 |
|
| 3 |
On Wed, Jun 07, 2006 at 04:27:39PM +0200, sebastien Pastor wrote: |
| 4 |
> Hello guys, |
| 5 |
> |
| 6 |
> This is my very first POST to the list. I ve been reading a lot on |
| 7 |
> selinux for a week now, so i felt i could start installing one system |
| 8 |
> based on the gentoo selinux project of course. |
| 9 |
> I followed the handbook and now i have a system up and runnig except |
| 10 |
> that straight from the begining i have avc access denied message during |
| 11 |
> the boot. Basically every access from the init process is denied : like |
| 12 |
> |
| 13 |
> "avc denied {read write } for pid=1 comm="init" name="console" dev=hda4 |
| 14 |
> ino=301684 scontect=system_u:system_r:init_t |
| 15 |
> tcontext=system_u:object_r:file_t tclass=chr_file" |
| 16 |
|
| 17 |
init tries to read and write to /dev/console, but /dev/console has a wrong label. |
| 18 |
|
| 19 |
this is how it should look like: |
| 20 |
|
| 21 |
muttley ~ # ls -alZ /dev/console |
| 22 |
crw------- root tty system_u:object_r:console_device_t /dev/console |
| 23 |
|
| 24 |
yours is system_u:object_r:file_t, which is a bad thing. |
| 25 |
|
| 26 |
I presume you're using udev, maybe someone else can guide you on that path. |
| 27 |
I can only recommend switching to static dev. |
| 28 |
|
| 29 |
cheers, |
| 30 |
peter |
| 31 |
|
| 32 |
-- |
| 33 |
petre rodan |
| 34 |
<kaiowas@g.o> |
| 35 |
Developer, |
| 36 |
Hardened Gentoo Linux |
Archives