Gentoo Archives: gentoo-security

From:	Chris PeBenito <pebenito@g.o>
To:	Bill McCarty <bmccarty@××××××.net>
Cc:	gentoo security <gentoo-security@l.g.o>
Subject:	Re: [gentoo-security] Learning to write SELinux policies
Date:	Sun, 18 Jan 2004 00:37:24
Message-Id:	`1074386201.11430.124.camel@chris.pebenito.net`
In Reply to:	[gentoo-security] Learning to write SELinux policies by Bill McCarty

1	On Sat, 2004-01-17 at 17:51, Bill McCarty wrote:
2	> Here's a case in point. My system is configured in permissive mode, and I'm
3	> root, in the sysadm_r role:
4	>
5	> I launch the Samhain executable, but it doesn't run:
6	>
7	> > # /usr/local/sbin/samhain -t check
8	> > -/bin/bash: /usr/local/sbin/samhain: Permission denied
9
10	The TE rules only describes the ways to transition to the samhain_t
11	domain, but the role also has to be allowed to exist in the samhain_t
12	domain. Adding this will probably fix it:
13
14	role sysadm_r types samhain_t;
15
16	I'm not sure why this type of problem doesn't generate any messages.
17	BTW, this type of question goes better on the hardened ml.
18
19	--
20	Chris PeBenito
21	<pebenito@g.o>
22	Developer,
23	Hardened Gentoo Linux
24	Embedded Gentoo Linux
25
26	Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
27	Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

File name	MIME type
signature.asc	application/pgp-signature

Subject	Author
Re: [gentoo-security] Learning to write SELinux policies	Bill McCarty <bmccarty@××××××.net>