| 1 |
hi, |
| 2 |
|
| 3 |
this morning my little box turn fully grown. ;-) |
| 4 |
I did make relabel and now I'm through with the installation-guide. |
| 5 |
btw: I would appreciate some sort of advices at the beginning of this |
| 6 |
guide. like 'don't use reiserfs, since it is not fully stable with |
| 7 |
selinux'.. |
| 8 |
|
| 9 |
anyway, I do use reiserfs. |
| 10 |
at the end of this mail you'll find my current dmesg output. |
| 11 |
no errors really but a few lines that i don't like, but don't know how |
| 12 |
to handle either.. may there be help. :D |
| 13 |
'### ' mark the lines of wuestion. |
| 14 |
I either don't know what they mean and/or what to do to avoid them. |
| 15 |
|
| 16 |
the last lines with these avc: denied... thingies are uncorrect |
| 17 |
labeled files right? a relabel does not help, what shall I do? |
| 18 |
|
| 19 |
anyway, what is a good procedure to carry on? do i have to label any |
| 20 |
emerge now? |
| 21 |
maybe someone of you knows a good basic read, from a users view. |
| 22 |
I already read a lot about policies and such. but nithing gave me a |
| 23 |
clue on how to administrate things. |
| 24 |
|
| 25 |
thanks a lot! |
| 26 |
|
| 27 |
regards |
| 28 |
/christian |
| 29 |
|
| 30 |
|
| 31 |
<snip> |
| 32 |
Linux version 2.4.20-hardened-r4 (root@cdimage) (gcc version 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r2, propolice)) #1 SMP Fri Aug 29 07:57:22 CEST 2003 |
| 33 |
BIOS-provided physical RAM map: |
| 34 |
BIOS-e820: 0000000000000000 - 00000000000a0000 (usable) |
| 35 |
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved) |
| 36 |
BIOS-e820: 0000000000100000 - 0000000008000000 (usable) |
| 37 |
BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved) |
| 38 |
128MB LOWMEM available. |
| 39 |
On node 0 totalpages: 32768 |
| 40 |
zone(0): 4096 pages. |
| 41 |
zone(1): 28672 pages. |
| 42 |
zone(2): 0 pages. |
| 43 |
Kernel command line: root=/dev/sda3 |
| 44 |
### No local APIC present or hardware disabled |
| 45 |
Initializing CPU#0 |
| 46 |
Detected 233.866 MHz processor. |
| 47 |
Console: colour VGA+ 80x25 |
| 48 |
Calibrating delay loop... 465.30 BogoMIPS |
| 49 |
Memory: 126392k/131072k available (1652k kernel code, 4296k reserved, -2248k data, 260k init, 0k highmem) |
| 50 |
Security Scaffold v1.0.0 initialized |
| 51 |
SELinux: Initializing. |
| 52 |
SELinux: Starting in permissive mode |
| 53 |
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes) |
| 54 |
Inode cache hash table entries: 8192 (order: 4, 65536 bytes) |
| 55 |
Mount-cache hash table entries: 2048 (order: 2, 16384 bytes) |
| 56 |
Buffer-cache hash table entries: 8192 (order: 3, 32768 bytes) |
| 57 |
Page-cache hash table entries: 32768 (order: 5, 131072 bytes) |
| 58 |
Intel Pentium with F0 0F bug - workaround enabled. |
| 59 |
CPU: After generic, caps: 008001bf 00000000 00000000 00000000 |
| 60 |
CPU: Common caps: 008001bf 00000000 00000000 00000000 |
| 61 |
Checking 'hlt' instruction... OK. |
| 62 |
POSIX conformance testing by UNIFIX |
| 63 |
CPU: After generic, caps: 008001bf 00000000 00000000 00000000 |
| 64 |
CPU: Common caps: 008001bf 00000000 00000000 00000000 |
| 65 |
CPU0: Intel Pentium MMX stepping 03 |
| 66 |
per-CPU timeslice cutoff: 160.32 usecs. |
| 67 |
task migration cache decay timeout: 10 msecs. |
| 68 |
### SMP motherboard not detected. |
| 69 |
### Local APIC not detected. Using dummy APIC emulation. |
| 70 |
migration_task 0 on cpu=0 |
| 71 |
PCI: PCI BIOS revision 2.10 entry at 0xfb550, last bus=0 |
| 72 |
PCI: Using configuration type 1 |
| 73 |
PCI: Probing PCI hardware |
| 74 |
Limiting direct PCI/PCI transfers. |
| 75 |
Linux NET4.0 for Linux 2.4 |
| 76 |
Based upon Swansea University Computer Society NET3.039 |
| 77 |
Initializing RT netlink socket |
| 78 |
Starting kswapd |
| 79 |
devfs: v1.12c (20020818) Richard Gooch (rgooch@××××××××××.au) |
| 80 |
devfs: boot_options: 0x1 |
| 81 |
### There is already a security framework initialized, register_security failed. |
| 82 |
### Failure registering capabilities with the kernel |
| 83 |
selinux_register_security: Registering secondary module capability |
| 84 |
Capability LSM initialized |
| 85 |
pty: 256 Unix98 ptys configured |
| 86 |
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled |
| 87 |
ttyS00 at 0x03f8 (irq = 4) is a 16550A |
| 88 |
ttyS01 at 0x02f8 (irq = 3) is a 16550A |
| 89 |
FDC 0 is a post-1991 82077 |
| 90 |
loop: loaded (max 8 devices) |
| 91 |
8139too Fast Ethernet driver 0.9.26 |
| 92 |
eth0: RealTek RTL8139 Fast Ethernet at 0xc8800000, 00:30:84:28:e3:12, IRQ 9 |
| 93 |
eth0: Identified 8139 chip type 'RTL-8139C' |
| 94 |
eth1: RealTek RTL8139 Fast Ethernet at 0xc8802000, 00:e0:7d:82:48:3c, IRQ 12 |
| 95 |
eth1: Identified 8139 chip type 'RTL-8139B' |
| 96 |
SCSI subsystem driver Revision: 1.00 |
| 97 |
scsi0 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.8 |
| 98 |
<Adaptec 2940 Ultra SCSI adapter> |
| 99 |
aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs |
| 100 |
|
| 101 |
Vendor: IBM Model: DCAS-34330W Rev: S65A |
| 102 |
Type: Direct-Access ANSI SCSI revision: 02 |
| 103 |
(scsi0:A:0): 40.000MB/s transfers (20.000MHz, offset 8, 16bit) |
| 104 |
Vendor: QUANTUM Model: QM39100TD-SW Rev: N1B0 |
| 105 |
Type: Direct-Access ANSI SCSI revision: 02 |
| 106 |
(scsi0:A:1): 40.000MB/s transfers (20.000MHz, offset 8, 16bit) |
| 107 |
Vendor: QUANTUM Model: QM39100TD-SW Rev: N1B0 |
| 108 |
Type: Direct-Access ANSI SCSI revision: 02 |
| 109 |
(scsi0:A:2): 40.000MB/s transfers (20.000MHz, offset 8, 16bit) |
| 110 |
Vendor: PLEXTOR Model: CD-ROM PX-40TS Rev: 1.04 |
| 111 |
Type: CD-ROM ANSI SCSI revision: 02 |
| 112 |
(scsi0:A:3): 20.000MB/s transfers (20.000MHz, offset 15) |
| 113 |
scsi0:A:0:0: Tagged Queuing enabled. Depth 253 |
| 114 |
scsi0:A:1:0: Tagged Queuing enabled. Depth 253 |
| 115 |
scsi0:A:2:0: Tagged Queuing enabled. Depth 253 |
| 116 |
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0 |
| 117 |
Attached scsi disk sdb at scsi0, channel 0, id 1, lun 0 |
| 118 |
Attached scsi disk sdc at scsi0, channel 0, id 2, lun 0 |
| 119 |
SCSI device sda: 8467200 512-byte hdwr sectors (4335 MB) |
| 120 |
Partition check: |
| 121 |
/dev/scsi/host0/bus0/target0/lun0: p1 p2 p3 p4 < p5 p6 p7 > |
| 122 |
SCSI device sdb: 17783249 512-byte hdwr sectors (9105 MB) |
| 123 |
/dev/scsi/host0/bus0/target1/lun0: p1 |
| 124 |
SCSI device sdc: 17783249 512-byte hdwr sectors (9105 MB) |
| 125 |
/dev/scsi/host0/bus0/target2/lun0: p1 |
| 126 |
Attached scsi CD-ROM sr0 at scsi0, channel 0, id 3, lun 0 |
| 127 |
sr0: scsi-1 drive |
| 128 |
Uniform CD-ROM driver Revision: 3.12 |
| 129 |
NET4: Linux TCP/IP 1.0 for NET4.0 |
| 130 |
IP Protocols: ICMP, UDP, TCP, IGMP |
| 131 |
IP: routing cache hash table of 1024 buckets, 8Kbytes |
| 132 |
TCP: Hash tables configured (established 8192 bind 8192) |
| 133 |
klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: super-freeswan-1.99.7rc2 |
| 134 |
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15) |
| 135 |
klips_info:ipsec_alg_init: calling ipsec_alg_static_init() |
| 136 |
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0 |
| 137 |
ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0 |
| 138 |
ipsec_serpent_init(alg_type=15 alg_id=252 name=serpent): ret=0 |
| 139 |
ipsec_twofish_init(alg_type=15 alg_id=253 name=twofish): ret=0 |
| 140 |
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. |
| 141 |
reiserfs: checking transaction log (device 08:03) ... |
| 142 |
Using r5 hash to sort names |
| 143 |
ReiserFS version 3.6.25 |
| 144 |
VFS: Mounted root (reiserfs filesystem) readonly. |
| 145 |
SELinux: Completing initialization. |
| 146 |
security: loading policy configuration from /etc/security/selinux/policy.12 |
| 147 |
security: 3 users, 6 roles, 338 types |
| 148 |
security: 29 classes, 22793 rules |
| 149 |
SELinux: initialized (dev 08:03, type reiserfs), uses PSIDs |
| 150 |
SELinux: initialized (dev 00:08, type devpts), uses transition SIDs |
| 151 |
SELinux: initialized (dev 00:07, type devfs), uses genfs_contexts |
| 152 |
SELinux: initialized (dev 00:06, type binfmt_misc), not configured for labeling |
| 153 |
SELinux: initialized (dev 00:05, type pipefs), uses task SIDs |
| 154 |
SELinux: initialized (dev 00:04, type tmpfs), uses transition SIDs |
| 155 |
SELinux: initialized (dev 00:03, type sockfs), uses task SIDs |
| 156 |
SELinux: initialized (dev 00:02, type proc), uses genfs_contexts |
| 157 |
SELinux: initialized (dev 00:01, type bdev), not configured for labeling |
| 158 |
SELinux: initialized (dev 00:00, type rootfs), not configured for labeling |
| 159 |
Mounted devfs on /dev |
| 160 |
Freeing unused kernel memory: 260k freed |
| 161 |
### Adding Swap: 498004k swap-space (priority -1) |
| 162 |
|
| 163 |
### avc: denied { getattr } for pid=221 exe=/sbin/reiserfsck scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:proc_t tclass=filesystem |
| 164 |
reiserfs: checking transaction log (device 08:05) ... |
| 165 |
Using r5 hash to sort names |
| 166 |
ReiserFS version 3.6.25 |
| 167 |
SELinux: initialized (dev 08:05, type reiserfs), uses PSIDs |
| 168 |
reiserfs: checking transaction log (device 08:06) ... |
| 169 |
Using r5 hash to sort names |
| 170 |
ReiserFS version 3.6.25 |
| 171 |
SELinux: initialized (dev 08:06, type reiserfs), uses PSIDs |
| 172 |
reiserfs: checking transaction log (device 08:07) ... |
| 173 |
Using r5 hash to sort names |
| 174 |
ReiserFS version 3.6.25 |
| 175 |
SELinux: initialized (dev 08:07, type reiserfs), uses PSIDs |
| 176 |
reiserfs: checking transaction log (device 08:11) ... |
| 177 |
Using r5 hash to sort names |
| 178 |
ReiserFS version 3.6.25 |
| 179 |
SELinux: initialized (dev 08:11, type reiserfs), uses PSIDs |
| 180 |
reiserfs: checking transaction log (device 08:21) ... |
| 181 |
Using r5 hash to sort names |
| 182 |
ReiserFS version 3.6.25 |
| 183 |
SELinux: initialized (dev 08:21, type reiserfs), uses PSIDs |
| 184 |
SELinux: initialized (dev 00:09, type tmpfs), uses transition SIDs |
| 185 |
|
| 186 |
### avc: denied { append } for pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file |
| 187 |
|
| 188 |
### avc: denied { setattr } for pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file |
| 189 |
eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1. |
| 190 |
eth1: Setting half-duplex based on auto-negotiated partner ability 0000. |
| 191 |
|
| 192 |
### avc: denied { write } for pid=978 exe=/bin/bash path=/root dev=08:03 ino=5186 scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir |
| 193 |
|
| 194 |
### avc: denied { add_name } for pid=978 exe=/bin/bash path=/root/dmesg.out scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir |
| 195 |
|
| 196 |
### avc: denied { create } for pid=978 exe=/bin/bash path=/root/dmesg.out scontext=root:staff_r:staff_t tcontext=root:object_r:sysadm_home_dir_t tclass=file |
| 197 |
</snip> |
| 198 |
|
| 199 |
|
| 200 |
gruss |
| 201 |
/Christian mailto:caefer@××××××××××.net |
| 202 |
|
| 203 |
--- |
| 204 |
|
| 205 |
|
| 206 |
I propose that the following character sequence for joke markers: |
| 207 |
|
| 208 |
:-) |
| 209 |
|
| 210 |
19-Sep-82 11:44 Scott E Fahlman |
| 211 |
|
| 212 |
|
| 213 |
-- |
| 214 |
gentoo-hardened@g.o mailing list |
Archives