hi,

this morning my little box turned fully grown. ;-)
I did make relabel and now I'm through with the installation-guide.
btw: I would appreciate some sort of advice at the beginning of this
guide. like 'don't use reiserfs, since it is not fully stable with
selinux'..

anyway, I do use reiserfs.
at the end of this mail you'll find my current dmesg output.
no errors really but a few lines that i don't like, but don't know how
to handle either.. may there be help. :D
'### ' mark the lines of question.
I either don't know what they mean and/or what to do to avoid them.

the last lines with these avc: denied... thingies are incorrectly
labeled files right? a relabel does not help, what shall I do?

anyway, what is a good procedure to carry on? do i have to label any
emerge now?
maybe someone of you knows a good basic read, from a user's view.
I already read a lot about policies and such. but nothing gave me a
clue on how to administrate things.

thanks a lot!

regards
/christian

<snip>
Linux version 2.4.20-hardened-r4 (root@cdimage) (gcc version 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r2, propolice)) #1 SMP Fri Aug 29 07:57:22 CEST 2003
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 00000000000a0000 (usable)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 0000000008000000 (usable)
BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
128MB LOWMEM available.
On node 0 totalpages: 32768
zone(0): 4096 pages.
zone(1): 28672 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/sda3
### No local APIC present or hardware disabled
Initializing CPU#0
Detected 233.866 MHz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 465.30 BogoMIPS
Memory: 126392k/131072k available (1652k kernel code, 4296k reserved, -2248k data, 260k init, 0k highmem)
Security Scaffold v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode cache hash table entries: 8192 (order: 4, 65536 bytes)
Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
Buffer-cache hash table entries: 8192 (order: 3, 32768 bytes)
Page-cache hash table entries: 32768 (order: 5, 131072 bytes)
Intel Pentium with F0 0F bug - workaround enabled.
CPU: After generic, caps: 008001bf 00000000 00000000 00000000
CPU: Common caps: 008001bf 00000000 00000000 00000000
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
CPU: After generic, caps: 008001bf 00000000 00000000 00000000
CPU: Common caps: 008001bf 00000000 00000000 00000000
CPU0: Intel Pentium MMX stepping 03
per-CPU timeslice cutoff: 160.32 usecs.
task migration cache decay timeout: 10 msecs.
### SMP motherboard not detected.
### Local APIC not detected. Using dummy APIC emulation.
migration_task 0 on cpu=0
PCI: PCI BIOS revision 2.10 entry at 0xfb550, last bus=0
PCI: Using configuration type 1
PCI: Probing PCI hardware
Limiting direct PCI/PCI transfers.
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
devfs: v1.12c (20020818) Richard Gooch (rgooch@××××××××××.au)
devfs: boot_options: 0x1
### There is already a security framework initialized, register_security failed.
### Failure registering capabilities with the kernel
selinux_register_security: Registering secondary module capability
Capability LSM initialized
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0x03f8 (irq = 4) is a 16550A
ttyS01 at 0x02f8 (irq = 3) is a 16550A
FDC 0 is a post-1991 82077
loop: loaded (max 8 devices)
8139too Fast Ethernet driver 0.9.26
eth0: RealTek RTL8139 Fast Ethernet at 0xc8800000, 00:30:84:28:e3:12, IRQ 9
eth0: Identified 8139 chip type 'RTL-8139C'
eth1: RealTek RTL8139 Fast Ethernet at 0xc8802000, 00:e0:7d:82:48:3c, IRQ 12
eth1: Identified 8139 chip type 'RTL-8139B'
SCSI subsystem driver Revision: 1.00
scsi0 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.8
<Adaptec 2940 Ultra SCSI adapter>
aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs

Vendor: IBM Model: DCAS-34330W Rev: S65A
Type: Direct-Access ANSI SCSI revision: 02
(scsi0:A:0): 40.000MB/s transfers (20.000MHz, offset 8, 16bit)
Vendor: QUANTUM Model: QM39100TD-SW Rev: N1B0
Type: Direct-Access ANSI SCSI revision: 02
(scsi0:A:1): 40.000MB/s transfers (20.000MHz, offset 8, 16bit)
Vendor: QUANTUM Model: QM39100TD-SW Rev: N1B0
Type: Direct-Access ANSI SCSI revision: 02
(scsi0:A:2): 40.000MB/s transfers (20.000MHz, offset 8, 16bit)
Vendor: PLEXTOR Model: CD-ROM PX-40TS Rev: 1.04
Type: CD-ROM ANSI SCSI revision: 02
(scsi0:A:3): 20.000MB/s transfers (20.000MHz, offset 15)
scsi0:A:0:0: Tagged Queuing enabled. Depth 253
scsi0:A:1:0: Tagged Queuing enabled. Depth 253
scsi0:A:2:0: Tagged Queuing enabled. Depth 253
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
Attached scsi disk sdb at scsi0, channel 0, id 1, lun 0
Attached scsi disk sdc at scsi0, channel 0, id 2, lun 0
SCSI device sda: 8467200 512-byte hdwr sectors (4335 MB)
Partition check:
/dev/scsi/host0/bus0/target0/lun0: p1 p2 p3 p4 < p5 p6 p7 >
SCSI device sdb: 17783249 512-byte hdwr sectors (9105 MB)
/dev/scsi/host0/bus0/target1/lun0: p1
SCSI device sdc: 17783249 512-byte hdwr sectors (9105 MB)
/dev/scsi/host0/bus0/target2/lun0: p1
Attached scsi CD-ROM sr0 at scsi0, channel 0, id 3, lun 0
sr0: scsi-1 drive
Uniform CD-ROM driver Revision: 3.12
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 1024 buckets, 8Kbytes
TCP: Hash tables configured (established 8192 bind 8192)
klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: super-freeswan-1.99.7rc2
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0
ipsec_serpent_init(alg_type=15 alg_id=252 name=serpent): ret=0
ipsec_twofish_init(alg_type=15 alg_id=253 name=twofish): ret=0
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
reiserfs: checking transaction log (device 08:03) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
VFS: Mounted root (reiserfs filesystem) readonly.
SELinux: Completing initialization.
security: loading policy configuration from /etc/security/selinux/policy.12
security: 3 users, 6 roles, 338 types
security: 29 classes, 22793 rules
SELinux: initialized (dev 08:03, type reiserfs), uses PSIDs
SELinux: initialized (dev 00:08, type devpts), uses transition SIDs
SELinux: initialized (dev 00:07, type devfs), uses genfs_contexts
SELinux: initialized (dev 00:06, type binfmt_misc), not configured for labeling
SELinux: initialized (dev 00:05, type pipefs), uses task SIDs
SELinux: initialized (dev 00:04, type tmpfs), uses transition SIDs
SELinux: initialized (dev 00:03, type sockfs), uses task SIDs
SELinux: initialized (dev 00:02, type proc), uses genfs_contexts
SELinux: initialized (dev 00:01, type bdev), not configured for labeling
SELinux: initialized (dev 00:00, type rootfs), not configured for labeling
Mounted devfs on /dev
Freeing unused kernel memory: 260k freed
### Adding Swap: 498004k swap-space (priority -1)

### avc: denied { getattr } for pid=221 exe=/sbin/reiserfsck scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:proc_t tclass=filesystem
reiserfs: checking transaction log (device 08:05) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:05, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:06) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:06, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:07) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:07, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:11) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:11, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:21) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:21, type reiserfs), uses PSIDs
SELinux: initialized (dev 00:09, type tmpfs), uses transition SIDs

### avc: denied { append } for pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

### avc: denied { setattr } for pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
eth1: Setting half-duplex based on auto-negotiated partner ability 0000.

### avc: denied { write } for pid=978 exe=/bin/bash path=/root dev=08:03 ino=5186 scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir

### avc: denied { add_name } for pid=978 exe=/bin/bash path=/root/dmesg.out scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir

### avc: denied { create } for pid=978 exe=/bin/bash path=/root/dmesg.out scontext=root:staff_r:staff_t tcontext=root:object_r:sysadm_home_dir_t tclass=file
</snip>

greetings
/Christian mailto:caefer@××××××××××.net

---

I propose that the following character sequence for joke markers:

:-)

19-Sep-82 11:44 Scott E Fahlman

--
gentoo-hardened@g.o mailing list
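
Each `avc: denied` line in the dmesg output above carries the denied permission in braces, the source context (`scontext`), the target context (`tcontext`) and the object class (`tclass`). The following Python script is an added example, not part of the original message or of any Gentoo tool: it parses the six marked lines and groups them by source type, target type and class, rendering each group in SELinux `allow` rule syntax. The function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# The six marked denial lines, copied from the dmesg output in the message.
SAMPLE = """\
### avc: denied { getattr } for pid=221 exe=/sbin/reiserfsck scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:proc_t tclass=filesystem
### avc: denied { append } for pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
### avc: denied { setattr } for pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
### avc: denied { write } for pid=978 exe=/bin/bash path=/root dev=08:03 ino=5186 scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir
### avc: denied { add_name } for pid=978 exe=/bin/bash path=/root/dmesg.out scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir
### avc: denied { create } for pid=978 exe=/bin/bash path=/root/dmesg.out scontext=root:staff_r:staff_t tcontext=root:object_r:sysadm_home_dir_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return the fields of one 'avc: denied' line, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    rec["perms"] = m.group(1).split()
    return rec

def context_type(ctx):
    """The type is the third field of a user:role:type context."""
    return ctx.split(":")[2]

def summarize(text):
    """Group denials by (source type, target type, class) -> permissions."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (context_type(rec["scontext"]),
                   context_type(rec["tcontext"]), rec["tclass"])
            groups[key].update(rec["perms"])
    return groups

def as_allow_rules(groups):
    """Render each group in policy 'allow' syntax, as candidates for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(groups.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize(SAMPLE)):
        print(rule)
```

Each output line names the domain, the target type and the class involved, which is the information needed to decide whether a denial calls for a relabel, a role change or a policy change.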