| 1 |
Thanks, |
| 2 |
That did the trick but I feel I'm gonna need the selinux 101 guide to |
| 3 |
really understand how to handle a selinux system. For the moment, I hooked |
| 4 |
up a monitor on the server and installed many software that way but I also |
| 5 |
tried your instructions on the ppp daemon (for an ipsec vpn) and it |
| 6 |
installed fine while in a ssh session. |
| 7 |
|
| 8 |
Another question I had is; would you (or someone else in Gentoo.org) have a |
| 9 |
use for a howto on how to build a selinux enabled active directory system |
| 10 |
where all the users and administrative users are located in a samba 4 |
| 11 |
installation? (only root would have an account in /etc/passwd) |
| 12 |
|
| 13 |
Alain |
| 14 |
|
| 15 |
-----Message d'origine----- |
| 16 |
De : Sven Vermeulen [mailto:swift@g.o] |
| 17 |
Envoyé : 12 avril 2012 15:57 |
| 18 |
À : gentoo-hardened@l.g.o |
| 19 |
Objet : Re: [gentoo-hardened] emerge via ssh doesn't work |
| 20 |
|
| 21 |
On Thu, Apr 12, 2012 at 03:41:50PM -0400, Alain Toussaint wrote: |
| 22 |
> I am building a headless server and for the most part, |
| 23 |
> now that I have labelled everything (selinux), I am not able to |
| 24 |
> continue emerging software via ssh. I know that it is a security |
| 25 |
> features but is there something I can change in my setup or else, I’ll |
| 26 |
> need to get a monitor for the machine? |
| 27 |
|
| 28 |
Without the failure you get, it is not easy to tell you what to do, but my |
| 29 |
guess would be that, once you are logged on to the server, you are in the |
| 30 |
staff role: |
| 31 |
|
| 32 |
~# id -Z |
| 33 |
root:staff_r:staff_t |
| 34 |
|
| 35 |
In order to use Portage, you need to be in the system administration role, |
| 36 |
so first switch roles: |
| 37 |
|
| 38 |
~# newrole -r sysadm_r |
| 39 |
Password: <your root password> |
| 40 |
|
| 41 |
~# id -Z |
| 42 |
root:sysadm_r:sysadm_t |
| 43 |
|
| 44 |
Now you should be able to run emerge (and other administrative tasks). |
| 45 |
|
| 46 |
Wkr, |
| 47 |
Sven Vermeulen |
Archives