| 1 |
Hi, |
| 2 |
|
| 3 |
make.profile -> ../usr/portage/profiles/selinux/2007.0/amd64 |
| 4 |
Running 2.6.23.13 in non-enforcing mode, targetted policy. |
| 5 |
|
| 6 |
system_u:system_r:sshd_t root sshd: root@pts/0 |
| 7 |
root:system_r:system_chkpwd_t root pts/0 00:00:00 -bash |
| 8 |
|
| 9 |
The first denials: |
| 10 |
|
| 11 |
[ 140.780441] inode_doinit_with_dentry: |
| 12 |
context_to_sid(root:object_r:staff_tmpfs_t) returned 22 for dev=md2 |
| 13 |
ino=961000 |
| 14 |
[ 265.282465] audit(1200225126.688:46): avc: denied { entrypoint } |
| 15 |
for pid=6208 comm="sshd" path="/bin/bash" dev=md0 ino=49189 |
| 16 |
scontext=root:system_r:system_chkpwd_t |
| 17 |
tcontext=system_u:object_r:shell_exec_t tclass=file |
| 18 |
[ 265.282727] audit(1200225126.688:47): avc: denied { read write } |
| 19 |
for pid=6208 comm="bash" name="0" dev=devpts ino=2 |
| 20 |
scontext=root:system_r:system_chkpwd_t |
| 21 |
tcontext=root:object_r:sshd_devpts_t tclass=chr_file |
| 22 |
|
| 23 |
Any ideas? |
| 24 |
|
| 25 |
|
| 26 |
Also, was getting some denials because /lib was not labeled: |
| 27 |
lrwxrwxrwx root root system_u:object_r:default_t /lib -> lib64 |
| 28 |
I had to add this to file_contexts: |
| 29 |
/lib -l system_u:object_r:lib_t |
| 30 |
How come? |
| 31 |
|
| 32 |
Cheers |
| 33 |
Antoine |
| 34 |
-- |
| 35 |
gentoo-hardened@l.g.o mailing list |
Archives