
Experiences with selinux enabled targeted on Fedora Core 3: msg#00145

Subject: Experiences with selinux enabled targeted on Fedora Core 3
In order to become more familiar with the selinux capabilities I did the 
following:
Started selinux in permissive mode for targeted. I received warnings for the
following services:
portmap, ntpd, and ntpdate.
I then ran fixfiles check. After it ran for quite some time, it did not
report any problems.
So I enabled targeted and rebooted. I then received error warnings for the
same services. The relevant messages from dmesg follow:

<snip>
EXT3-fs: mounted filesystem with ordered data mode.
security:  3 users, 4 roles, 319 types, 20 bools
security:  53 classes, 10805 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev hda2, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), not configured for labeling
SELinux: initialized (dev hugetlbfs, type hugetlbfs), not configured for 
labeling
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
<snip>
ip_tables: (C) 2000-2002 Netfilter core team
ip_conntrack version 2.1 (2047 buckets, 16376 max) - 360 bytes per conntrack
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t 
tcontext=system_u:object_r:file_t tclass=dir
SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
<snip>
IPv6 over IPv4 tunneling driver
divert: not allocating divert_blk for non-ethernet device sit0
audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 
exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.763:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.766:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009547.766:0): avc:  denied  { search } for  pid=4180 
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t 
tcontext=system_u:object_r:file_t tclass=dir

Obviously something is amiss. I do not know how to correct these messages for
the services. Does anyone know how to fix this dilemma? If not, should I
bugzilla it?

-- 
Richard E Miles
Federal Way WA. USA
registered linux user 46097
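
Added example, not part of the original post: a Python sketch that rejoins the line-wrapped AVC records from a dmesg excerpt like the one above and collapses the repeats into one row per (executable, source type, target type, class, permissions). The sample input is constructed from the record shape shown in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the wrapped form of the dmesg excerpt above.
SAMPLE = """\
audit(1109009536.010:0): avc:  denied  { search } for  pid=3541
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t
tcontext=system_u:object_r:file_t tclass=dir
audit(1109009536.011:0): avc:  denied  { search } for  pid=3541
exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t
tcontext=system_u:object_r:file_t tclass=dir
SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
audit(1109009547.763:0): avc:  denied  { search } for  pid=4180
exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t
tcontext=system_u:object_r:file_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def join_wrapped(text):
    """Rejoin records split across lines; a record starts at 'audit('."""
    records, in_record = [], False
    for line in text.splitlines():
        if line.startswith("audit("):
            records.append(line.strip())
            in_record = True
        elif in_record and re.match(r"\w+=", line):
            records[-1] += " " + line.strip()  # wrapped key=value tail
        else:
            in_record = False                  # unrelated kernel message
    return records

def summarize(text):
    """Count denials per (exe, source type, target type, class, perms)."""
    counts = Counter()
    for rec in join_wrapped(text):
        m = AVC_RE.search(rec)
        f = dict(KV_RE.findall(m.group(2))) if m else {}
        if not {"exe", "scontext", "tcontext", "tclass"} <= f.keys():
            continue  # not an AVC denial, or a truncated record
        stype, ttype = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
        counts[f["exe"], stype, ttype, f["tclass"], tuple(m.group(1).split())] += 1
    return counts

def exes_hitting_type(counts, ttype="file_t"):
    """Executables denied access to objects of the given target type."""
    return sorted({k[0] for k in counts if k[2] == ttype})
```

Every denial in the excerpt targets `name=/ ino=2` on `hda2` with type `file_t`, the type SELinux policy of that era assigned to files carrying no stored label, so the summary points at the labeling of the root directory rather than at the individual daemons.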


