- First Post
- Replies
- Stats
-
Go to
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
I have a fresh FC2T2 install. I did the following to make up2date work:
/usr/bin/setfilecon system_u:object_r:rpm_exec_t /usr/sbin/up2date
Then I ran "up2date-nox kernel"
The following appeared. It seems the kernel did install OK.
audit(1080787992.351:0): avc: denied { search } for pid=20375
exe=/bin/bash name=root dev=hda8 ino=179873
scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
/bin/bash: /root/.bashrc: Permission denied
audit(1080787998.806:0): avc: denied { search } for pid=20791
exe=/sbin/grubby name=root dev=hda8 ino=179873
scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
On Thu, 1 Apr 2004 14:38, Dax Kelson <dax(a)gurulabs.com> wrote:
I have a fresh FC2T2 install. I did the following to make up2date
work:
/usr/bin/setfilecon system_u:object_r:rpm_exec_t /usr/sbin/up2date
Then I ran "up2date-nox kernel"
The following appeared. It seems the kernel did install OK.
audit(1080787992.351:0): avc: denied { search } for pid=20375
exe=/bin/bash name=root dev=hda8 ino=179873
scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
/bin/bash: /root/.bashrc: Permission denied
What was the working directory at the time you ran up2date? Was
it /home/something?
We don't want to grant such domains wide access, and we also don't want large
dontaudit rules (they increase the size of the policy, increase kernel memory
use, etc).
Is it acceptable that sometimes if you run something from an unusual directory
then it will cause an audit message?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Dax Kelson wrote:
I have a fresh FC2T2 install. I did the following to make up2date
work:
/usr/bin/setfilecon system_u:object_r:rpm_exec_t /usr/sbin/up2date
Then I ran "up2date-nox kernel"
The following appeared. It seems the kernel did install OK.
audit(1080787992.351:0): avc: denied { search } for pid=20375
exe=/bin/bash name=root dev=hda8 ino=179873
scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
/bin/bash: /root/.bashrc: Permission denied
audit(1080787998.806:0): avc: denied { search } for pid=20791
exe=/sbin/grubby name=root dev=hda8 ino=179873
scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Messages will be gone in tomorrows build.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
7323
days inactive
7323
days old
selinux@lists.fedoraproject.org
2 comments
3 participants
tags (0)
participants (3)
-
Daniel J Walsh -
Dax Kelson -
Russell Coker