selinux September 2005

selinux@lists.fedoraproject.org

42 participants
53 discussions

Problems with kerberos and SElinux
by Keith Sharp 02 Sep '05

02 Sep '05

Hello, I am running into problem with krb5kdc and SELinux. Version information: selinux-policy-targeted-1.25.3-12 kernel-2.6.12-1.1398_FC4 krb5-server-1.4.1-5 I was working with SELinux targeted and enforcing but I was having problems with kadmin so I decided to disable SELinux using /etc/sysconfig/selinux and reboot. This solved my kadmin problem so I decided to re-enable SELinux so that I could capture traces to raise a bug. When I rebooted with SELinux enabled krb5kdc failed to start and I had the following in /var/log/audit/audit.log: type=AVC msg=audit(1125672380.961:124865): avc: denied { getattr } for pid=1836 comm="krb5kdc" name="krb5kdc_rcache" dev=dm-0 ino=552323 scontext=root:system_r:krb5kdc_t tcontext=system_u:object_r:file_t tclass=file type=SYSCALL msg=audit(1125672380.961:124865): arch=40000003 syscall=195 success=no exit=-13 a0=90a3af0 a1=bff5d968 a2=3a4ff4 a3=0 items=1 pid=1836 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="krb5kdc" exe="/usr/kerberos/sbin/krb5kdc" type=AVC_PATH msg=audit(1125672380.961:124865): path="/var/tmp/krb5kdc_rcache" type=CWD msg=audit(1125672380.961:124865): cwd="/" type=PATH msg=audit(1125672380.961:124865): item=0 name="/var/tmp/krb5kdc_rcache" flags=1 inode=552323 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 and in the log /var/log/krb5kdc.log: krb5kdc: Permission denied in replay cache code - while initializing KDC replay cache 'dfl:krb5kdc_rcache' Is this a known issue, or should I Bugzilla it? Thanks, Keith.

2 3

NeedHelp: Issue on change apache DocumentRoot location on FC3
by KevinKW 01 Sep '05

01 Sep '05

Hi, I've changed the DocumentRoot directory of httpd 2.0.52 server from /var/www/html to /data/www/html, which is mounted from the disk /dev/hda8. But when I try to start httpd service, it reports warning "Warning: DocumentRoot [/data/www/html/] does not exist". I've changed its the security context by command "chcon -R -t httpd_user_content_t /data/www" but it still didnot work. The follows are the output by command "ls -Z /data/www" ============= drwxr-xr-x kevinkw kevinkw user_u:object_r:httpd_user_content_t cgi-bin drwxr-xr-x kevinkw kevinkw user_u:object_r:httpd_user_content_t error drwxr-xr-x kevinkw kevinkw user_u:object_r:httpd_user_content_t html drwxr-xr-x kevinkw kevinkw user_u:object_r:httpd_user_content_t icons ============= How can I solve this problem? Any more information needed, please let me know. Thanks very much! Best wishes, Kevin

2 1

SELinux Symposium - Call for papers reminder
by SELinux Symposium Chair 01 Sep '05

01 Sep '05

This is a reminder that paper proposals for the Second Security Enhanced Linux Symposium are due on September 19, 2005. For more information or to submit your proposal please visit http://www.selinux-symposium.org/. The full text of the call is included below for reference. SECOND SECURITY ENHANCED LINUX SYMPOSIUM (www.selinux-symposium.org) Call for Papers The call for papers for the Second Security Enhanced Linux (SELinux) Symposium is now open. The Symposium is scheduled for February 28-March 2, 2006, at the Wyndham Hotel, Baltimore, Maryland, USA. The event is the only of its kind to examine SELinux and the power of the flexible mandatory access control security it brings to Linux. Last year's inaugural symposium was a tremendous success providing the SELinux development and user community the opportunity to discuss related research results, development plans, and applications. Any topics relating to SELinux technology, flexible mandatory access control, and its application to real-world problem are of interest for this symposium. Such topic include: + Innovations and advancement in SELinux technology + Use and application of SELinux and Type Enforcement + SELinux development experiences and tools + Use and Configuration of MLS and RBAC in securing systems + Updates on the various Linux distributions using SELinux + Practical "root"-less system administration policies + Case studies and application experience SELinux + Related research and development activities + Tools and products supporting/using SELinux + Security evaluation and certification issues + User and customers concerns and needs + Tutorials No marketing pitches will be accepted. The call for papers is open until September 19, 2005. For additional information and submittal requirements, see www.selinux-symposium.org. Technical Committee: Joshua Brindle, Tresys Russell Coker, Red Hat Chad Hanson, TCS Trent Jaeger, Penn State University Pete Loscocco, NSA Karl MacMillan, Tresys Frank Mayer (Chair), Tresys James Morris, Red Hat Doc Shankar, IBM Stephen Smalley, NSA Daniel Walsh, Red Hat

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux September 2005