Gentoo Archives: gentoo-security

From: Chris PeBenito <pebenito@g.o>
To: Bill McCarty <bmccarty@××××××.net>
Cc: gentoo security <gentoo-security@l.g.o>
Subject: Re: [gentoo-security] Learning to write SELinux policies
Date: Sun, 18 Jan 2004 00:37:24
Message-Id: 1074386201.11430.124.camel@chris.pebenito.net
In Reply to: [gentoo-security] Learning to write SELinux policies by Bill McCarty
On Sat, 2004-01-17 at 17:51, Bill McCarty wrote:
> Here's a case in point. My system is configured in permissive mode, and I'm > root, in the sysadm_r role: > > I launch the Samhain executable, but it doesn't run: > > > # /usr/local/sbin/samhain -t check > > -/bin/bash: /usr/local/sbin/samhain: Permission denied
The TE rules only describes the ways to transition to the samhain_t domain, but the role also has to be allowed to exist in the samhain_t domain. Adding this will probably fix it: role sysadm_r types samhain_t; I'm not sure why this type of problem doesn't generate any messages. BTW, this type of question goes better on the hardened ml. -- Chris PeBenito <pebenito@g.o> Developer, Hardened Gentoo Linux Embedded Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-security] Learning to write SELinux policies Bill McCarty <bmccarty@××××××.net>