| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
Anyone? |
| 5 |
|
| 6 |
With 2005.1 soon removed, I would like to have these issues cleared up |
| 7 |
sooner rather than later... |
| 8 |
|
| 9 |
Antoine Martin wrote: |
| 10 |
> Hi, |
| 11 |
> |
| 12 |
> make.profile -> ../usr/portage/profiles/selinux/2007.0/amd64 |
| 13 |
> Running 2.6.23.13 in non-enforcing mode, targetted policy. |
| 14 |
> |
| 15 |
> system_u:system_r:sshd_t root sshd: root@pts/0 |
| 16 |
> root:system_r:system_chkpwd_t root pts/0 00:00:00 -bash |
| 17 |
> |
| 18 |
> The first denials: |
| 19 |
> |
| 20 |
> [ 140.780441] inode_doinit_with_dentry: |
| 21 |
> context_to_sid(root:object_r:staff_tmpfs_t) returned 22 for dev=md2 |
| 22 |
> ino=961000 |
| 23 |
> [ 265.282465] audit(1200225126.688:46): avc: denied { entrypoint } |
| 24 |
> for pid=6208 comm="sshd" path="/bin/bash" dev=md0 ino=49189 |
| 25 |
> scontext=root:system_r:system_chkpwd_t |
| 26 |
> tcontext=system_u:object_r:shell_exec_t tclass=file |
| 27 |
> [ 265.282727] audit(1200225126.688:47): avc: denied { read write } |
| 28 |
> for pid=6208 comm="bash" name="0" dev=devpts ino=2 |
| 29 |
> scontext=root:system_r:system_chkpwd_t |
| 30 |
> tcontext=root:object_r:sshd_devpts_t tclass=chr_file |
| 31 |
> |
| 32 |
> Any ideas? |
| 33 |
> |
| 34 |
> |
| 35 |
> Also, was getting some denials because /lib was not labeled: |
| 36 |
> lrwxrwxrwx root root system_u:object_r:default_t /lib -> lib64 |
| 37 |
> I had to add this to file_contexts: |
| 38 |
> /lib -l system_u:object_r:lib_t |
| 39 |
> How come? |
| 40 |
> |
| 41 |
> Cheers |
| 42 |
> Antoine |
| 43 |
> |
| 44 |
|
| 45 |
-----BEGIN PGP SIGNATURE----- |
| 46 |
Version: GnuPG v2.0.7 (GNU/Linux) |
| 47 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 48 |
|
| 49 |
iD8DBQFHmzHSGK2zHPGK1rsRCg1cAJ9e7cGNBzSPlU2yil76jtkaeo7BkgCfR96k |
| 50 |
ByEAIGtMK33LZRpJiDOJfSk= |
| 51 |
=9Jle |
| 52 |
-----END PGP SIGNATURE----- |
| 53 |
-- |
| 54 |
gentoo-hardened@l.g.o mailing list |
Archives