node contexts

Daniel J Walsh dwalsh at redhat.com
Wed Nov 21 18:11:31 UTC 2012


On 11/21/2012 12:31 PM, Andy Ruch wrote:
> Hello,
> 
> I'm setting up a system where the nodes need to have different types.
> Currently, I'm getting an AVC denial for a node but I don't know which
> node.
> 
> My questions:
> 
> 1) Is it possible to know which node an AVC message is referencing?
> 
> 2) Is there a way to see all the node contexts? I know "semanage node -l"
> will show my local nodecon modifications but how do I list all the nodes?
> 
> 3) I tried to add a "nodecon" statement to the corenetwork.te file but the
> policy won't compile. How can I label a node from the policy? Here is what
> I tried:
> 
>     type my_lo_node_t;
>     corenet_node( my_lo_node_t )
>     nodecon 127.0.0.1 255.255.255.255 gen_context(system_u:object_r:my_lo_node_t, s0)
> 
> 
> Thanks,
> Andy Ruch
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
The AVC should have the node information.

I believe you can define the node in policy but have to use semanage to place
it on an IP address.  This is what we are doing in OpenShift BTW.

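An added example, not part of the original thread or of any project's code: one way to read the node out of an AVC record and tie it back to a node label, by pulling the address fields from the record and matching them against a table of address/netmask/type entries. The AVC line, the label table, the first-match ordering, the node_t fallback and the names cluster_node_t and myd_t are assumptions constructed for illustration; only my_lo_node_t comes from the thread.

```python
import ipaddress
import re

# Constructed node labels (address, netmask, type), as one might add with
# "semanage node -a"; first match wins. node_t as the fallback is assumed.
NODECON = [
    ("127.0.0.1", "255.255.255.255", "my_lo_node_t"),
    ("10.1.0.0", "255.255.0.0", "cluster_node_t"),   # hypothetical type
]
DEFAULT_TYPE = "node_t"

# Constructed AVC record; real field sets vary with kernel and hook.
SAMPLE_AVC = (
    'type=AVC msg=audit(1353521491.123:456): avc:  denied  { node_bind } '
    'for  pid=2043 comm="myd" saddr=127.0.0.1 src=8080 '
    'scontext=system_u:system_r:myd_t:s0 '
    'tcontext=system_u:object_r:my_lo_node_t:s0 tclass=tcp_socket'
)

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
ADDR_KEYS = ("saddr", "daddr", "laddr", "faddr")


def node_type(addr):
    """Return the node type whose address/netmask covers addr."""
    ip = ipaddress.ip_address(addr)
    for net_addr, mask, ntype in NODECON:
        net = ipaddress.ip_network(f"{net_addr}/{mask}", strict=False)
        if ip.version == net.version and ip in net:
            return ntype
    return DEFAULT_TYPE


def nodes_in_avc(line):
    """Map each address in an AVC record to its node type and flag the
    ones whose type equals the denial's target type (from tcontext)."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    target_type = fields["tcontext"].split(":")[2]
    result = []
    for key in ADDR_KEYS:
        if key in fields:
            ntype = node_type(fields[key])
            result.append((key, fields[key], ntype, ntype == target_type))
    return result
```

An address flagged True is a candidate for the node the denial refers to; when several addresses share the target type, the record alone does not disambiguate them.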

