SELinux and Shorewall with IPSets

Dominick Grift domg472 at gmail.com
Wed Jun 30 20:15:51 UTC 2010


On 06/30/2010 09:36 PM, Mr Dash Four wrote:

> Looking at my syslog I am getting the following:
> 
> 
> ============syslog====================================
> Jun 30 20:06:36 xp1 kernel: type=1401 audit(1277924796.734:30578):
> security_compute_sid:  invalid context
> unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process
> Jun 30 20:07:05 xp1 kernel: type=1401 audit(1277924825.706:30579):
> security_compute_sid:  invalid context
> unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process
> Jun 30 20:07:05 xp1 kernel: type=1401 audit(1277924825.740:30580):
> security_compute_sid:  invalid context
> unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process
> =====================================================

this is what i committed to my branch that might fix that:

------------------------ policy/modules/apps/livecd.te
------------------------
index 4e69cdf..5d1084a 100644
@@ -23,7 +23,7 @@

 domain_ptrace_all_domains(livecd_t)

-seutil_domtrans_setfiles_mac(livecd_t)
+seutil_run_setfiles_mac(livecd_t, system_r)

 manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
 manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100630/202b8da0/attachment.bin 


More information about the selinux mailing list