1 |
Thanks, |
2 |
That did the trick but I feel I'm gonna need the selinux 101 guide to |
3 |
really understand how to handle a selinux system. For the moment, I hooked |
4 |
up a monitor on the server and installed many software that way but I also |
5 |
tried your instructions on the ppp daemon (for an ipsec vpn) and it |
6 |
installed fine while in a ssh session. |
7 |
|
8 |
Another question I had is; would you (or someone else in Gentoo.org) have a |
9 |
use for a howto on how to build a selinux enabled active directory system |
10 |
where all the users and administrative users are located in a samba 4 |
11 |
installation? (only root would have an account in /etc/passwd) |
12 |
|
13 |
Alain |
14 |
|
15 |
-----Message d'origine----- |
16 |
De : Sven Vermeulen [mailto:swift@g.o] |
17 |
Envoyé : 12 avril 2012 15:57 |
18 |
À : gentoo-hardened@l.g.o |
19 |
Objet : Re: [gentoo-hardened] emerge via ssh doesn't work |
20 |
|
21 |
On Thu, Apr 12, 2012 at 03:41:50PM -0400, Alain Toussaint wrote: |
22 |
> I am building a headless server and for the most part, |
23 |
> now that I have labelled everything (selinux), I am not able to |
24 |
> continue emerging software via ssh. I know that it is a security |
25 |
> features but is there something I can change in my setup or else, I’ll |
26 |
> need to get a monitor for the machine? |
27 |
|
28 |
Without the failure you get, it is not easy to tell you what to do, but my |
29 |
guess would be that, once you are logged on to the server, you are in the |
30 |
staff role: |
31 |
|
32 |
~# id -Z |
33 |
root:staff_r:staff_t |
34 |
|
35 |
In order to use Portage, you need to be in the system administration role, |
36 |
so first switch roles: |
37 |
|
38 |
~# newrole -r sysadm_r |
39 |
Password: <your root password> |
40 |
|
41 |
~# id -Z |
42 |
root:sysadm_r:sysadm_t |
43 |
|
44 |
Now you should be able to run emerge (and other administrative tasks). |
45 |
|
46 |
Wkr, |
47 |
Sven Vermeulen |