May 2004 - selinux - Fedora Mailing-Lists

Difference between policy-sources and policy-strict-sources

by Jochen Schmitt

Hello, I have found the packages policy-sources-1.11.3-3 and policy-strict-sources-1.11.3-3 in the rawhide repository. I was wondering, that both packages can installed on the same system. when I enter $ rpm -qi I could found out, that both packages are based on the same Source RPM. After I have got the filelist of both packages with $ rpm -ql I have found out, that both packages contains the same files. It will be nice, if anyone can explain be the aint to build both packages and why it is possible to installed both on the same machine. I think, policy-strict-sources should contains policies with more restrictive rigths, so I assume, there should be a conflict between both packages. Best Regards: Jochen Schmitt

19 years, 11 months

2
1
0 / 0

Open policy bug reports

by Leonard den Ottolander

Hi Dan, I noticed there are a lot of open bug reports in bugzilla for policy issues that are already solved in the latest updates. Is there any reason why you don't close these bugs? They make it more difficult to get an impression of which issues still really need to be addressed. Leonard. -- mount -t life -o ro /dev/dna /genetic/research

19 years, 11 months

2
2
0 / 0

Trouble booting kernel after building a kernel on a SELinux enabled system

by Jochen Schmitt

Hello, After I have create a kernel image on a SELinux enabled system, grub complaint a access to a invalid block when the compiled kernel should be booted. But when I turn off SELinux via a boot parameter this issue didn't occured. It will nice, if anyone give me a hint. Best Regards: Jochen Schmitt

19 years, 11 months

3
5
0 / 0

Re: Inability to shutdown or reboot from gnome

by Bob Gustafson

I did some more experiments last night and found that if you boot with the Grub parameter 'selinux=0' and then login as a user and then go to Gnome by typing 'startx', you are then able to shutdown the system from the Gnome buttons - even though you are only a user. Keep in mind that under these conditions, you don't get any of the advantages of selinux. This is probably not what you want to happen in the long run. BobG On Tue, 11 May 2004 10:04:07 +0200 Matthew East wrote:>Hi Bob, thanks for your mail. Am replying just to you because I guess >that I might annoy the list, as you say, it is not an selinux issue. > >Sorry about that! > >I thought I had tried to set selinux to permissive before shutting down >from gnome, and it had worked, but I've tried it just now and it's the >same story. So I guess I'll just try and remove the buttons from gnome, >at least that way it will be tidier. I saw some threads on the >fedora-list about that so I'll go and read up. ;) > >thanks again. > >Matt > >On Mon, 2004-05-10 at 18:36, Bob Gustafson wrote: >> Hi >> >> I get that same thing. >> >> Have you tried to do a 'setenforce 0' as root just before you do a Gnome >> shutdown? >> >> I tried that just now and it still halted at the console prompt (I boot >> into run level 3 and then do a 'startx' as user to go to Gnome after boot >> up) >> >> A few weeks ago, I could shutdown from the Gnome menu, but perhaps that was >> a bug in Gnome. A user should not be able to shutdown the system (!!). >> >> When I am at the console prompt and try to do '/sbin/shutdown -r now', I >> get the message now that only root can shutdown (this is proper). >> >> Whether a user can shut down from the Gnome menu seems to be not a selinux >> issue, but just a normal security 'tighterning up' - independent of selinux. >> >> BobG >> >> >> >> >Hi, >> > >> >The shutdown or reboot buttons from the gnome menu do not work as user >> >when selinux is in enforcing mode. I get the error "unknown user" and it >> >kicks me to the gdm login screen. I'm sure this is an easy one for you >> >guys, and I have seen the question pop up on some other lists, but have >> >not found a satisfactory answer. Hope you can help!! >> > >> >thanks, Matt

19 years, 11 months

2
1
0 / 0

Cannot play audio cds

by Matthew East

Hello, I am unable to play audio cds as user with selinux as enforcing. I use FC2T3, and gnome. When opening an audio cd with gnome cd player, it gives me the error: "Disk error" and cdp gives me: "[matt@localhost matt]$ cdp As root, please run chmod 666 /dev/cdrom to give yourself permission to access the CD-ROM device." I have tried doing "chmod 666 /dev/hdc" (this has no effect). If I set selinux to permissive, and do the command, the cd player then works. I hope that you can help me, as I am not up to scratch with how selinux works. Thanks in advance, Matt

19 years, 11 months

3
3
0 / 0

Kernel_t can not execute udev_exec_t?

by Aleksey Nogin

audit(1083714147.482:0): avc: denied { execute } for pid=3273 exe=/sbin/udevd name=udev dev=hda2 ino=3875498 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:udev_exec_t tclass=file audit(1083714147.552:0): avc: denied { execute } for pid=3282 exe=/sbin/udevd name=udev dev=hda2 ino=3875498 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:udev_exec_t tclass=file policy-sources-1.11.2-21 -- Aleksey Nogin Home Page: http://nogin.org/ E-Mail: nogin(a)cs.caltech.edu (office), aleksey(a)nogin.org (personal) Office: Jorgensen 70, tel: (626) 395-2907

19 years, 11 months

1
1
0 / 0

selinux/rpm problem

by Jim Higgins

Hello, Why is it that when I install any .rpm file I get selinux line* errors, and yet it will install ok.I get a scrolling /etc/security/selinux/file_contents invalid context system_u:object_t: (and then the rpm list). Is there a script that I can edit to cure this ?? Thank You jimh __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover

19 years, 11 months

2
1
0 / 0

SELinux in FC2-Test3 - enable

by Pratik Mehta

Hi, I needed to know if this enables SELinux with FC2-Test 3 when i install: linux selinux=1 - Pratik

19 years, 11 months

2
1
0 / 0

Inability to shutdown or reboot from gnome

by Matthew East

Hi, The shutdown or reboot buttons from the gnome menu do not work as user when selinux is in enforcing mode. I get the error "unknown user" and it kicks me to the gdm login screen. I'm sure this is an easy one for you guys, and I have seen the question pop up on some other lists, but have not found a satisfactory answer. Hope you can help!! thanks, Matt

19 years, 11 months

2
1
0 / 0

Re: SE Linux policy

by Luke Kenneth Casson Leighton

> On Mon, 26 Apr 2004 20:05, Krzysztof Mazurczyk <kmazurczyk wskiz poznan > pl> > wrote: > > > > I have started playing with new SE Linux. I have it already > > > > running. > > > > BTW minor question: There are messages in log that > > > > /sbin/unix_verify > > > > is denied to do something. System is seemed to work well. Because > > > > /sbin/unix_verify is from libpam-modules I'm not sure what to do - > > > > ignore or add some rules to policy for /sbin/unix_verify. > > > > > > What access is denied? > > > > avc: denied { getattr } for pid=1768 exe=/sbin/unix_verify > > path=/proc/1768/mounts dev= ino=115867664 scontext=system_u:system_r: > > system_chkpwd_t tcontext=system_u:system_r:system_chkpwd_t tclass=file > > Allow this. The main policy will be changed to allow this. > russell, hi, sorry to be picking up on this from not being on this mailing list, and breaking the thread, but: yes i have the same issue - what policy files do i need to update, and with what? or, where can i obtain an updated .deb from that contains the necessary updates? i can quite happily read and interpret the policy files but do not yet have enough confidence to edit them. pointers to a document that would tell me things like: - to add a permission, go to file X and add what the scontext says to it. then go to file Y and add what the bit in brackets says. etc. etc. would be _very_ helpful. sincerely, l.

19 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux May 2004