Re: installation of selinux on non-selinux system: msg#00083
Daniel J Walsh wrote:
> Jim Cornette wrote:
>> After upgrading a computer from FC2 to FC3, I decided to give SELinux
>> a shot and used up2date to retrieve the rpm for
>> selinux-policy-targeted and expected for all needed deps to be
>> pulled in. The other dependent packages did not get pulled in with
>> this selection. I ended up having system messages not being
>> accessible and also httpd being damened with errors. I supposed that
>> there was an abnormality on my particular system. Within recent days,
>> I have noted others experiencing similar failures on the fedora-list.
>> I then decided that this might be a more common problem than first
>> expected.
>> Another Fedora user was asking questions regarding running fixfiles
>> relabel. I noticed that I also did not have fixfiles installed.
>
> You need to install policycoreutils and relabel the file system.

Thanks Dan for the name of the rpm that is needed for fixfiles so
relabeling can be performed. My main question is for those systems that
are upgraded from non-selinux to systems where selinux is desired to be
added.
If one was to install selinux-policy-targeted via a repository
installation, up2date in my case, I would expect the inclusion of other
deps being pulled in.
Selinux gives sort of a working system when using
system-config-securitylevel to enable selinux via the gui. I am not too
sure if this would introduce "dep hell" if having policycoreutils pulled
in when selinux-policy for targeted or strict is pulled from a repo.
After relabeling my filesystem again in runlevel 1, I seem to get the
same type of errors as experienced before. .mozilla related files seemed
to be the major files that content was tried to be changed, when
relabeling for strict. See attached avc for today.
In order to bring up X, running setenforce 0 at a root shell was needed,
in order to launch X successfully. If there is some lingering config
file, either systemwide or hanging out in the per user directory that is
blocking X, I don't know.
Thanks,
Jim
Dan
--
Peers's Law:
The solution to a problem changes the nature of the problem.
Nov 21 00:29:59 localhost kernel: <3>audit(1101014999.006:0): avc: denied {
remove_name } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD dev=hda3
ino=391919 scontext=user_u:user_r:user_userhelper_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Nov 21 00:29:59 localhost kernel: audit(1101014999.006:0): avc: denied {
unlink } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD dev=hda3
ino=391919 scontext=user_u:user_r:user_userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 00:30:05 localhost kernel: audit(1101015005.924:0): avc: denied {
search } for pid=3032 exe=/usr/bin/gnome-session name=console dev=hda3
ino=408043 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:pam_var_console_t tclass=dir
Nov 21 00:30:33 localhost kernel: audit(1101015033.363:0): avc: denied {
write } for pid=2973 exe=/usr/X11R6/bin/xinit path=/dev/tty2 dev=tmpfs
ino=1864 scontext=user_u:user_r:user_t tcontext=system_u:object_r:tty_device_t
tclass=chr_file
Nov 21 00:30:35 localhost dbus: avc: 7 AV entries and 6/512 buckets used,
longest chain length 2
Nov 21 08:00:19 localhost kernel: audit(1101023972.861:0): avc: denied {
ioctl } for pid=613 exe=/bin/bash path=/proc/ide/ide0/hda/media dev=proc
ino=-268435122 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:proc_t tclass=file
Nov 21 08:00:19 localhost kernel: audit(1101023973.069:0): avc: denied {
ioctl } for pid=613 exe=/bin/bash path=/proc/ide/ide1/hdc/media dev=proc
ino=-268435110 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:proc_t tclass=file
Nov 21 08:00:19 localhost kernel: audit(1101041993.110:0): avc: denied {
search } for pid=1583 exe=/sbin/alsactl name=root dev=hda3 ino=424321
scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
Nov 21 08:00:19 localhost kernel: audit(1101041993.180:0): avc: denied {
search } for pid=1580 exe=/sbin/alsactl name=root dev=hda3 ino=424321
scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
Nov 21 08:00:19 localhost kernel: audit(1101041993.191:0): avc: denied {
search } for pid=1577 exe=/sbin/alsactl name=root dev=hda3 ino=424321
scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
Nov 21 08:00:19 localhost kernel: audit(1101042010.642:0): avc: denied { read
} for pid=1646 exe=/usr/sbin/cpuspeed name=mtab dev=hda3 ino=557700
scontext=system_u:system_r:cpuspeed_t tcontext=system_u:object_r:etc_runtime_t
tclass=file
Nov 21 08:00:19 localhost kernel: audit(1101042010.642:0): avc: denied { read
} for pid=1646 exe=/usr/sbin/cpuspeed name=fstab dev=hda3 ino=555388
scontext=system_u:system_r:cpuspeed_t tcontext=system_u:object_r:etc_t
tclass=file
Nov 21 08:00:25 localhost kernel: audit(1101042025.563:0): avc: denied {
search } for pid=2197 exe=/usr/sbin/clamd name=clamav dev=hda3 ino=473684
scontext=system_u:system_r:clamd_t tcontext=system_u:object_r:freshclam_log_t
tclass=dir
Nov 21 08:00:27 localhost kernel: audit(1101042027.875:0): avc: denied {
fowner } for pid=2250 exe=/sbin/restorecon capability=3
scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:restorecon_t
tclass=capability
Nov 21 08:00:35 localhost kernel: audit(1101042035.247:0): avc: denied {
getattr } for pid=2406 exe=/bin/mount path=/tos1 dev=hda3 ino=489601
scontext=system_u:system_r:mount_t tcontext=system_u:object_r:default_t
tclass=dir
Nov 21 08:00:38 localhost kernel: audit(1101042038.076:0): avc: denied {
search } for pid=2388 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t
tclass=dir
Nov 21 08:00:38 localhost kernel: audit(1101042038.076:0): avc: denied {
search } for pid=2388 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t
tclass=dir
Nov 21 08:00:38 localhost kernel: audit(1101042038.077:0): avc: denied {
search } for pid=2388 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t
tclass=dir
Nov 21 08:04:09 localhost kernel: audit(1101042249.690:0): avc: denied {
search } for pid=2894 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892
scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Nov 21 08:04:09 localhost kernel: audit(1101042249.731:0): avc: denied {
search } for pid=2894 exe=/usr/X11R6/bin/Xorg name=console dev=hda3 ino=408043
scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:pam_var_console_t tclass=dir
Nov 21 08:04:51 localhost kernel: audit(1101042291.658:0): avc: granted {
setenforce } for pid=2896 exe=/usr/bin/setenforce
scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t
tclass=security
Nov 21 08:05:08 localhost kernel: audit(1101042308.913:0): avc: denied {
search } for pid=2910 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892
scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Nov 21 08:05:08 localhost kernel: audit(1101042308.913:0): avc: denied { read
} for pid=2910 exe=/usr/X11R6/bin/Xorg name=config dev=hda3 ino=603908
scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:selinux_config_t tclass=file
Nov 21 08:05:08 localhost kernel: audit(1101042308.914:0): avc: denied {
getattr } for pid=2910 exe=/usr/X11R6/bin/Xorg path=/etc/selinux/config
dev=hda3 ino=603908 scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:selinux_config_t tclass=file
Nov 21 08:05:08 localhost kernel: audit(1101042308.922:0): avc: denied {
search } for pid=2910 exe=/usr/X11R6/bin/Xorg name=console dev=hda3 ino=408043
scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:pam_var_console_t tclass=dir
Nov 21 08:05:17 localhost kernel: audit(1101042317.967:0): avc: denied { read
} for pid=2986 exe=/usr/bin/ssh-agent name=config dev=hda3 ino=603908
scontext=user_u:user_r:user_ssh_agent_t
tcontext=system_u:object_r:selinux_config_t tclass=file
Nov 21 08:05:17 localhost kernel: audit(1101042317.968:0): avc: denied {
getattr } for pid=2986 exe=/usr/bin/ssh-agent path=/etc/selinux/config
dev=hda3 ino=603908 scontext=user_u:user_r:user_ssh_agent_t
tcontext=system_u:object_r:selinux_config_t tclass=file
Nov 21 08:05:28 localhost kernel: audit(1101042328.992:0): avc: denied {
search } for pid=2910 exe=/usr/X11R6/bin/Xorg name=.gnome2 dev=hda3
ino=1338661 scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:user_home_t tclass=dir
Nov 21 08:05:28 localhost kernel: audit(1101042328.992:0): avc: denied { read
} for pid=2910 exe=/usr/X11R6/bin/Xorg name=fonts.dir dev=hda3 ino=1338668
scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t
tclass=file
Nov 21 08:05:28 localhost kernel: audit(1101042328.992:0): avc: denied {
getattr } for pid=2910 exe=/usr/X11R6/bin/Xorg
path=/home/jim/.gnome2/share/cursor-fonts/fonts.dir dev=hda3 ino=1338668
scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t
tclass=file
Nov 21 08:05:38 localhost dbus: avc: received setenforce notice (enforcing=0)
Nov 21 08:05:38 localhost kernel: audit(1101042338.848:0): avc: denied { use
} for pid=3046 exe=/bin/mount path=/dev/tty2 dev=tmpfs ino=1864
scontext=user_u:user_r:user_mount_t tcontext=system_u:system_r:local_login_t
tclass=fd
Nov 21 08:09:29 localhost kernel: audit(1101042569.604:0): avc: denied {
write } for pid=3093 exe=/usr/sbin/userhelper name=root dev=hda3 ino=424321
scontext=user_u:user_r:user_userhelper_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Nov 21 08:09:29 localhost kernel: audit(1101042569.604:0): avc: denied {
add_name } for pid=3093 exe=/usr/sbin/userhelper name=.xauthDMglgN
scontext=user_u:user_r:user_userhelper_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Nov 21 08:09:29 localhost kernel: audit(1101042569.604:0): avc: denied {
create } for pid=3093 exe=/usr/sbin/userhelper name=.xauthDMglgN
scontext=user_u:user_r:user_userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.630:0): avc: denied {
setattr } for pid=3093 exe=/usr/sbin/userhelper name=.xauthDMglgN dev=hda3
ino=424711 scontext=user_u:user_r:user_userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.641:0): avc: denied {
search } for pid=3095 exe=/usr/X11R6/bin/xauth name=root dev=hda3 ino=424321
scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
Nov 21 08:09:29 localhost kernel: audit(1101042569.642:0): avc: denied {
write } for pid=3095 exe=/usr/X11R6/bin/xauth name=root dev=hda3 ino=424321
scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
Nov 21 08:09:29 localhost kernel: audit(1101042569.642:0): avc: denied {
add_name } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN-c
scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
Nov 21 08:09:29 localhost kernel: audit(1101042569.642:0): avc: denied {
create } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN-c
scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t
tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.655:0): avc: denied { link
} for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN-c dev=hda3
ino=425338 scontext=user_u:user_r:user_xauth_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.656:0): avc: denied {
write } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3
ino=424711 scontext=user_u:user_r:user_xauth_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.657:0): avc: denied { read
} for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3 ino=424711
scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t
tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.657:0): avc: denied {
getattr } for pid=3095 exe=/usr/X11R6/bin/xauth path=/root/.xauthDMglgN
dev=hda3 ino=424711 scontext=user_u:user_r:user_xauth_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 08:09:29 localhost kernel: audit(1101042569.660:0): avc: denied {
remove_name } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3
ino=424711 scontext=user_u:user_r:user_xauth_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Nov 21 08:09:29 localhost kernel: audit(1101042569.660:0): avc: denied {
unlink } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3
ino=424711 scontext=user_u:user_r:user_xauth_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Nov 21 08:09:30 localhost kernel: audit(1101042570.492:0): avc: denied {
connectto } for pid=3096 exe=/usr/bin/python path=/tmp/.X11-unix/X0
scontext=root:sysadm_r:sysadm_t tcontext=user_u:user_r:user_xserver_t
tclass=unix_stream_socket
Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied {
unix_read unix_write } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0
scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm
Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { read
write } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0
scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm
Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { use
} for pid=2910 path=/SYSV00000000 (deleted) dev=tmpfs ino=557072
scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=fd
Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { read
write } for pid=2910 path=/SYSV00000000 (deleted) dev=tmpfs ino=557072
scontext=user_u:user_r:user_xserver_t tcontext=root:object_r:sysadm_tmpfs_t
tclass=file
Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied {
getattr associate } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0
scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm
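
One way to triage the attached AVC log, as an added example that is not part of the original post: it rejoins the archive's wrapped lines into records and counts denials by (source type, target type, class, permission). The sample holds three records copied from the attachment; the function names are this example's own.

```python
import re
from collections import Counter

# Sample input: three records taken from the attachment above, keeping the
# hard line wraps the archive inserted inside each record.
SAMPLE = """\
Nov 21 08:04:09 localhost kernel: audit(1101042249.690:0): avc: denied {
search } for pid=2894 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892
scontext=user_u:user_r:user_xserver_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Nov 21 08:05:38 localhost dbus: avc: received setenforce notice (enforcing=0)
Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { read
write } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0
scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm
"""

# A record begins with a syslog timestamp; any other line is a wrap continuation.
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Rejoin hard-wrapped lines so that each list item is one log record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse(record):
    """Return the fields of one AVC record, or None for non-AVC lines (dbus notices)."""
    m = AVC.search(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    sel_type = lambda key: fields.get(key, "::?").split(":")[2]  # user:role:type
    return {"result": m.group(1), "perms": m.group(2).split(),
            "source": sel_type("scontext"), "target": sel_type("tcontext"),
            "tclass": fields.get("tclass", "?")}

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in unwrap(text):
        avc = parse(rec)
        if avc and avc["result"] == "denied":  # skip "granted" audit records
            for perm in avc["perms"]:
                counts[(avc["source"], avc["target"], avc["tclass"], perm)] += 1
    return counts
```

Running `summarize()` over the full attachment and sorting with `most_common()` groups the denials by domain, which makes it easier to see which ones share a mislabeled target such as `staff_home_dir_t`.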