kernel 3.9.4 on Centos6

Vadym Chepkov vchepkov at gmail.com
Wed Jun 5 21:07:40 UTC 2013


On Jun 5, 2013, at 5:03 PM, Dominick Grift wrote:

> On Wed, 2013-06-05 at 15:44 -0400, Vadym Chepkov wrote:
>> Hi,
>> 
>> Unfortunately, Linode.com VPS provider doesn't include SELinux support in their kernels, so I had to recompile my kernel with SELinux enabled.
>> Due to some other limitations they do not support the stock CentOS 6 kernel (2.6.32) and told me to install the latest 3.x, which I did.
>> But now I see these messages in the kernel boot log, which make me think my SELinux is "broken".
>> 
> 
> You can ignore those if you like; they aren't that important and it
> should not break anything. It's just an incompatibility between your
> policy and kernel versions.
> 

This would be the best outcome, but would you mind educating me on what exactly those "permissions" are?
When I see something like "open in class lnk_file not defined in policy" and "will be allowed", I do feel uncomfortable :)

Thanks,
Vadym




>> dracut: Loading SELinux policy
>> type=1404 audit(1370460658.483:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
>> SELinux:  Permission audit_access in class file not defined in policy.
>> SELinux:  Permission audit_access in class dir not defined in policy.
>> SELinux:  Permission execmod in class dir not defined in policy.
>> SELinux:  Permission audit_access in class lnk_file not defined in policy.
>> SELinux:  Permission open in class lnk_file not defined in policy.
>> SELinux:  Permission execmod in class lnk_file not defined in policy.
>> SELinux:  Permission audit_access in class chr_file not defined in policy.
>> SELinux:  Permission audit_access in class blk_file not defined in policy.
>> SELinux:  Permission execmod in class blk_file not defined in policy.
>> SELinux:  Permission audit_access in class sock_file not defined in policy.
>> SELinux:  Permission execmod in class sock_file not defined in policy.
>> SELinux:  Permission audit_access in class fifo_file not defined in policy.
>> SELinux:  Permission execmod in class fifo_file not defined in policy.
>> SELinux:  Permission syslog in class capability2 not defined in policy.
>> SELinux:  Permission wake_alarm in class capability2 not defined in policy.
>> SELinux:  Permission block_suspend in class capability2 not defined in policy.
>> SELinux:  Permission attach_queue in class tun_socket not defined in policy.
>> SELinux: the above unknown classes and permissions will be allowed
>> type=1403 audit(1370460659.259:3): policy loaded auid=4294967295 ses=4294967295
>> 
>> Is there anything I can do besides changing provider?
>> 
>> Thanks,
>> Vadym
>> 
>> 
> 
> 
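
Added example, not part of the original thread: a small parser for the boot-log format quoted above that groups the permissions the loaded policy does not define by object class and reports whether the kernel says they will be allowed or denied. The function names are illustrative, and the sample input is a constructed subset of the lines quoted in the message.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the boot-log lines quoted in the message above.
SAMPLE_LOG = """\
dracut: Loading SELinux policy
type=1404 audit(1370460658.483:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
SELinux:  Permission audit_access in class file not defined in policy.
SELinux:  Permission open in class lnk_file not defined in policy.
SELinux:  Permission execmod in class lnk_file not defined in policy.
SELinux:  Permission syslog in class capability2 not defined in policy.
SELinux:  Permission wake_alarm in class capability2 not defined in policy.
SELinux:  Permission attach_queue in class tun_socket not defined in policy.
SELinux: the above unknown classes and permissions will be allowed
type=1403 audit(1370460659.259:3): policy loaded auid=4294967295 ses=4294967295
"""

# search() is used below so dmesg timestamp prefixes do not break matching.
PERM_RE = re.compile(r"SELinux:\s+Permission (\S+) in class (\S+) not defined in policy")
# The summary line ends in "allowed" or "denied", per the policy's handle-unknown setting.
DISPOSITION_RE = re.compile(r"SELinux:\s+the above unknown classes and permissions will be (\w+)")

def summarize_unknown_perms(log_text):
    """Return ({class: [permissions]}, disposition) for one policy load."""
    unknown = defaultdict(list)
    disposition = None
    for line in log_text.splitlines():
        m = PERM_RE.search(line)
        if m:
            perm, cls = m.groups()
            if perm not in unknown[cls]:
                unknown[cls].append(perm)
            continue
        m = DISPOSITION_RE.search(line)
        if m:
            disposition = m.group(1)
    return dict(unknown), disposition

def needs_review(log_text):
    """True when the kernel knows permissions the policy does not define and allows them."""
    unknown, disposition = summarize_unknown_perms(log_text)
    return bool(unknown) and disposition == "allowed"

if __name__ == "__main__":
    perms, disposition = summarize_unknown_perms(SAMPLE_LOG)
    for cls in sorted(perms):
        print(f"{cls}: {', '.join(perms[cls])}")
    print(f"disposition: {disposition}")
```
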
