kernel 3.9.4 on Centos6
Vadym Chepkov
vchepkov at gmail.com
Wed Jun 5 21:07:40 UTC 2013
On Jun 5, 2013, at 5:03 PM, Dominick Grift wrote:
> On Wed, 2013-06-05 at 15:44 -0400, Vadym Chepkov wrote:
>> Hi,
>>
>> Unfortunately, Linode.com VPS provider doesn't include SELinux support in their kernels, so I had to recompile my kernel with SELinux enabled.
>> Due to some other limitations they do not support stock centos6 kernel (2.6.32) and told me to install the latest 3.x, which I did.
>> But now I see these messages in the kernel boot log, which makes me to think my SELinux is "broken"
>>
>
> You can ignore those if you like they aren't that important and it
> should not break anything. Its just an incompatibility between your
> policy and kernel versions.
>
This would be the best outcome, but do you mind to educate me, what exactly those "permissions" are?
When I see something like open in class lnk_file not defined in policy and will be allowed I do feel uncomfortable :)
Thanks,
Vadym
>> dracut: Loading SELinux policy
>> type=1404 audit(1370460658.483:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
>> SELinux: Permission audit_access in class file not defined in policy.
>> SELinux: Permission audit_access in class dir not defined in policy.
>> SELinux: Permission execmod in class dir not defined in policy.
>> SELinux: Permission audit_access in class lnk_file not defined in policy.
>> SELinux: Permission open in class lnk_file not defined in policy.
>> SELinux: Permission execmod in class lnk_file not defined in policy.
>> SELinux: Permission audit_access in class chr_file not defined in policy.
>> SELinux: Permission audit_access in class blk_file not defined in policy.
>> SELinux: Permission execmod in class blk_file not defined in policy.
>> SELinux: Permission audit_access in class sock_file not defined in policy.
>> SELinux: Permission execmod in class sock_file not defined in policy.
>> SELinux: Permission audit_access in class fifo_file not defined in policy.
>> SELinux: Permission execmod in class fifo_file not defined in policy.
>> SELinux: Permission syslog in class capability2 not defined in policy.
>> SELinux: Permission wake_alarm in class capability2 not defined in policy.
>> SELinux: Permission block_suspend in class capability2 not defined in policy.
>> SELinux: Permission attach_queue in class tun_socket not defined in policy.
>> SELinux: the above unknown classes and permissions will be allowed
>> type=1403 audit(1370460659.259:3): policy loaded auid=4294967295 ses=4294967295
>>
>> Is there anything I can do besides changing provider?
>>
>> Thanks,
>> Vadym
>>
>>
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
More information about the selinux
mailing list