Gentoo Forums
Can't get selinux working properly
Forum Index :: Networking & Security
Kosa
Tux's lil' helper
Joined: 03 May 2005
Posts: 106
Location: Prague
Posted: Sat Sep 02, 2006 11:58 am    Post subject: Can't get selinux working properly

Hi everyone,
I've just installed my very first Hardened Gentoo with SELinux. I started with a normal 2006.0 stage3, to have glibc 2.3.6 and gcc 3.4.6. Then I followed the conversion manual, but now SELinux starts with a bunch of error messages. Dmesg looks like this:
Code:
FS mount for filesystem: md2
VFS: Mounted root (xfs filesystem) readonly.
Freeing unused kernel memory: 152k freed
security:  3 users, 5 roles, 512 types, 3 bools
security:  55 classes, 10758 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev md2, type xfs), uses xattr
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
audit(1157197237.920:2): avc:  denied  { read } for  pid=837 comm="hotplug" name="passwd" dev=md2 ino=394208 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
audit(1157197237.920:3): avc:  denied  { getattr } for  pid=837 comm="hotplug" name="passwd" dev=md2 ino=394208 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
audit(1157197237.930:4): avc:  denied  { ioctl } for  pid=837 comm="hotplug" name="hotplug" dev=md2 ino=655477 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:hotplug_exec_t tclass=file
audit(1157197237.950:5): avc:  denied  { read write } for  pid=1 comm="init" name="console" dev=md2 ino=254777 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197237.950:6): avc:  denied  { read } for  pid=838 comm="10-udev.hotplug" name="urandom" dev=md2 ino=131144 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197237.970:7): avc:  denied  { ioctl } for  pid=1 comm="init" name="tty0" dev=md2 ino=255147 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197237.970:8): avc:  denied  { read } for  pid=840 comm="hotplug" name="urandom" dev=md2 ino=131144 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197237.980:9): avc:  denied  { write } for  pid=840 comm="hotplug" name="tty" dev=md2 ino=254661 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.050:10): avc:  denied  { getcap } for  pid=1 comm="init" scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t tclass=process
audit(1157197238.050:11): avc:  denied  { setcap } for  pid=1 comm="init" scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t tclass=process
audit(1157197238.080:12): avc:  denied  { read write } for  pid=880 comm="rc" name="console" dev=md2 ino=254777 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.120:13): avc:  denied  { read write } for  pid=883 comm="consoletype" name="console" dev=md2 ino=254777 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.120:14): avc:  denied  { read } for  pid=883 comm="consoletype" name="ld.so.cache" dev=md2 ino=394531 scontext=system_u:system_r:consoletype_t tcontext=root:object_r:etc_t tclass=file
audit(1157197238.120:15): avc:  denied  { getattr } for  pid=883 comm="consoletype" name="ld.so.cache" dev=md2 ino=394531 scontext=system_u:system_r:consoletype_t tcontext=root:object_r:etc_t tclass=file
audit(1157197238.120:16): avc:  denied  { search } for  pid=883 comm="consoletype" name="dev" dev=md2 ino=131143 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=dir
audit(1157197238.120:17): avc:  denied  { getattr } for  pid=883 comm="consoletype" name="console" dev=md2 ino=254777 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.120:18): avc:  denied  { ioctl } for  pid=883 comm="consoletype" name="console" dev=md2 ino=254777 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.140:19): avc:  denied  { ioctl } for  pid=885 comm="stty" name="console" dev=md2 ino=254777 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.160:20): avc:  denied  { getattr } for  pid=880 comm="rc" name="null" dev=md2 ino=254292 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.200:21): avc:  denied  { read write } for  pid=889 comm="mount" name="console" dev=md2 ino=254777 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t tclass=chr_file
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
audit(1157197238.300:22): avc:  denied  { write } for  pid=922 comm="touch" name="/" dev=tmpfs ino=1093 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=dir
audit(1157197238.300:23): avc:  denied  { add_name } for  pid=922 comm="touch" name=".rcsysinit" scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=dir
audit(1157197238.300:24): avc:  denied  { create } for  pid=922 comm="touch" name=".rcsysinit" scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=file
audit(1157197238.300:25): avc:  denied  { write } for  pid=922 comm="touch" name=".rcsysinit" dev=tmpfs ino=1094 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=file

...more output follows
Does anyone have any suggestions?
sestatus looks like this:
Code:
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          error (No such file or directory)
Policy version:                 20
Policy from config file:        security

And my emerge info is here:
Code:
Portage 2.1-r2 (selinux/2005.1/x86/hardened, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-hardened-r11 i686)
=================================================================
System uname: 2.6.16-hardened-r11 i686 Intel(R) Pentium(R) 4 CPU 2.66GHz
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe -msse2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe -msse2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox selinux sfperms strict"
GENTOO_MIRRORS="ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.ynet.sk/pub"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="apache2 berkdb crypt dlloader hardened mmx mysql ncurses nptl nptlonly pam php pic python readline selinux sse ssl tcpd unicode x86 zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux userland_GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
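The dmesg output in the post above is long but it sorts into a small number of patterns, and the pattern matters more than the individual line: a `tcontext` whose type is `file_t` means the target object carries no SELinux label at all (the filesystem was never relabelled), whereas a labelled target with a labelled source is a missing or mismatched policy rule, and a userland helper such as `hotplug` still running as `kernel_t` means no domain transition happened on exec. The following script is an added example, not code from the post or from the Gentoo SELinux project; it parses a handful of the posted denial lines (reproduced here as a constructed sample, with the line-wrapping undone) and groups them by source type, target type and object class, flagging the unlabelled targets separately. Its classification rules are the assumptions stated in the comments.

```python
"""Triage SELinux AVC denials from dmesg/audit log lines.

Added example for this thread, not code from the original post.
Assumptions (stated here and in the comments below):
  * a target type of file_t means the object has no label, so the fix is
    a relabel, not a policy change;
  * a userland process whose scontext type is kernel_t never went through a
    domain transition on exec;
  * everything else is treated as a plain policy gap.
"""
import re
from collections import Counter

# Constructed sample: five denial lines and one non-AVC line taken from the
# post, with the wrapped lines joined back together.
SAMPLE_DMESG = """\
audit(1157197237.920:2): avc:  denied  { read } for  pid=837 comm="hotplug" name="passwd" dev=md2 ino=394208 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
audit(1157197237.950:5): avc:  denied  { read write } for  pid=1 comm="init" name="console" dev=md2 ino=254777 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197237.950:6): avc:  denied  { read } for  pid=838 comm="10-udev.hotplug" name="urandom" dev=md2 ino=131144 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1157197238.050:10): avc:  denied  { getcap } for  pid=1 comm="init" scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t tclass=process
audit(1157197238.300:24): avc:  denied  { create } for  pid=922 comm="touch" name=".rcsysinit" scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=file
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
"""

# 'avc:  denied  { read write } for  key=value key="quoted value" ...'
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
# key=value pairs; values are either double-quoted or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, quoted, bare in FIELD_RE.findall(m.group('fields')):
        rec[key] = bare if bare != '' else quoted
    return rec


def _type_of(context):
    """user:role:type[:mls] -> type."""
    parts = context.split(':')
    return parts[2] if len(parts) > 2 else context


def source_type(rec):
    return _type_of(rec['scontext'])


def target_type(rec):
    return _type_of(rec['tcontext'])


def classify(rec):
    """Bucket a denial by the most likely root cause (assumptions, see module docstring)."""
    if target_type(rec) == 'file_t':
        return 'unlabeled-target'       # object has no label: relabel the filesystem
    if source_type(rec) == 'kernel_t':
        return 'no-domain-transition'   # userland helper never left kernel_t on exec
    if rec['scontext'] == rec['tcontext']:
        return 'self-denial'            # domain lacks a permission on itself
    return 'policy-gap'                 # labelled subject and object, rule missing


def parse_lines(lines):
    """Keep only the lines that are AVC denials."""
    return [r for r in map(parse_avc, lines) if r is not None]


def summarize(recs):
    """Count denials per (source type, target type, object class)."""
    return Counter((source_type(r), target_type(r), r['tclass']) for r in recs)


def unlabeled_targets(recs):
    return [r for r in recs if classify(r) == 'unlabeled-target']


def report(text):
    """Human-readable summary: pattern counts, then every unlabelled object."""
    recs = parse_lines(text.splitlines())
    out = [f'{n:3d}  {s} -> {t} ({c})' for (s, t, c), n in summarize(recs).most_common()]
    for r in unlabeled_targets(recs):
        out.append(f'unlabeled: {r.get("comm")} on {r.get("name")} '
                   f'dev={r.get("dev")} ino={r.get("ino")}')
    return '\n'.join(out)


if __name__ == '__main__':
    print(report(SAMPLE_DMESG))
```

Running it against a full `dmesg` capture (`dmesg | python3 avc_triage.py` after replacing the sample with `sys.stdin.read()`) gives one line per pattern instead of one per denial, which is what you want before deciding between a relabel and a policy change. Note also that the `sestatus` output in the post reports `Mode from config file: error (No such file or directory)`; that field is read from `/etc/selinux/config`, so that file is worth checking as well.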
seventhguardian
Apprentice
Joined: 10 May 2004
Posts: 261
Location: Portugal
Posted: Wed Aug 22, 2007 6:52 pm

This may be helpful:

https://forums.gentoo.org/viewtopic-t-565872.html