1 |
On Sat, 2004-01-17 at 17:51, Bill McCarty wrote: |
2 |
> Here's a case in point. My system is configured in permissive mode, and I'm |
3 |
> root, in the sysadm_r role: |
4 |
> |
5 |
> I launch the Samhain executable, but it doesn't run: |
6 |
> |
7 |
> > # /usr/local/sbin/samhain -t check |
8 |
> > -/bin/bash: /usr/local/sbin/samhain: Permission denied |
9 |
|
10 |
The TE rules only describes the ways to transition to the samhain_t |
11 |
domain, but the role also has to be allowed to exist in the samhain_t |
12 |
domain. Adding this will probably fix it: |
13 |
|
14 |
role sysadm_r types samhain_t; |
15 |
|
16 |
I'm not sure why this type of problem doesn't generate any messages. |
17 |
BTW, this type of question goes better on the hardened ml. |
18 |
|
19 |
-- |
20 |
Chris PeBenito |
21 |
<pebenito@g.o> |
22 |
Developer, |
23 |
Hardened Gentoo Linux |
24 |
Embedded Gentoo Linux |
25 |
|
26 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
27 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |