| 1 |
I have gone through the entire guide, and still hangs on init. An |
| 2 |
interesting note is that I had to install sysvinit(!) since it apparantly |
| 3 |
wasn't installed. I had to do it by specifically referencing the ebuild |
| 4 |
since all packages were masked. The odd thing is that I must have some |
| 5 |
kind of init in order to boot into permissive mode. |
| 6 |
|
| 7 |
The other thing is that I have to go into /etc/security/selinux/src/policy |
| 8 |
and run "make load" in order to get any info at all from sestatus (if I do |
| 9 |
not load it just says "selinux: disabled"). |
| 10 |
|
| 11 |
Here is my latest sestatus: |
| 12 |
|
| 13 |
SELinux status: enabled |
| 14 |
SELinuxfs mount: /selinux |
| 15 |
Current mode: permissive |
| 16 |
Policy version: 17 |
| 17 |
|
| 18 |
Process contexts: |
| 19 |
Current context: system_u:system_r:kernel_t |
| 20 |
Init context: system_u:system_r:kernel_t |
| 21 |
/sbin/agetty system_u:system_r:kernel_t |
| 22 |
/usr/sbin/sshd system_u:system_r:kernel_t |
| 23 |
|
| 24 |
File contexts: |
| 25 |
Controlling term: system_u:object_r:devpts_t |
| 26 |
/etc/passwd system_u:object_r:etc_t |
| 27 |
/etc/shadow system_u:object_r:shadow_t |
| 28 |
/bin/bash system_u:object_r:shell_exec_t |
| 29 |
/bin/login system_u:object_r:login_exec_t |
| 30 |
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t |
| 31 |
/sbin/agetty system_u:object_r:getty_exec_t |
| 32 |
/sbin/init system_u:object_r:init_exec_t |
| 33 |
/usr/sbin/sshd system_u:object_r:sshd_exec_t |
| 34 |
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t |
| 35 |
/lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t |
| 36 |
|
| 37 |
Ryan Caron |
| 38 |
|
| 39 |
On Fri, 22 Oct 2004, Paul C. Kunysch wrote: |
| 40 |
|
| 41 |
> Ryan Caron wrote: |
| 42 |
> |
| 43 |
> > Process contexts: |
| 44 |
> > Current context: system_u:system_r:kernel_t |
| 45 |
> > Init context: system_u:system_r:kernel_t |
| 46 |
> > /sbin/agetty system_u:system_r:kernel_t |
| 47 |
> |
| 48 |
> That looks wrong ... this document describes how to fix it: |
| 49 |
> "Trouble Logging in Remotely" <http://tinyurl.com/5kaxf> |
| 50 |
> |
| 51 |
> I had simmilar problems yesterday ... I thought that the current kernel |
| 52 |
> from "hardened-dev-sources" might work with the new reiserfs security |
| 53 |
> labels, but the labels were deleted when my (v3.6) partition was |
| 54 |
> unmounted. :-/ |
| 55 |
> |
| 56 |
> I'd suggest that you fix all auditing problems during startup before you |
| 57 |
> enable "enforcing". |
| 58 |
> |
| 59 |
> Best regards, Paul |
| 60 |
> |
| 61 |
> |
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
-- |
| 66 |
gentoo-hardened@g.o mailing list |
Archives