
Re: Rawhide update gone awry: msg#00226

Subject: Re: Rawhide update gone awry
Steve Brueckner wrote:

I appear to have borked my SELinux installation.  I wanted to experiment
with the new name_connect permission, which I read was available with the
latest rawhide kernel and selinux policy.  So, in my first-ever attempt to
use rawhide, I enabled my /etc/yum.repos.d/fedora-devel.repo file and then
yum updated to the following:

No, you probably just picked the wrong day to update to rawhide. I have an updated policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora.
It will fix some of the problems.

But you might want to do a complete yum update to get the latest stuff (FC4/Test2 plus updates).

Dan

kernel.i686                              2.6.11-1.1267_FC4      installed
selinux-policy-targeted.noarch           1.23.12-4              installed
selinux-policy-targeted-sources.noarch   1.23.12-4              installed
selinux-policy-strict.noarch             1.23.12-4              installed
selinux-policy-strict-sources.noarch     1.23.12-4              installed
libselinux.i386                          1.23.7-3               installed
libselinux-devel.i386                    1.23.7-3               installed
libselinux-debuginfo.i386                1.23.7-3               installed
libsepol.i386                            1.5.5-2                installed
policycoreutils.i386                     1.23.6-1               installed
checkpolicy.i386                         1.23.1-1               installed
setools.i386                             2.1.0-2                installed
selinux-doc.noarch                       1.19.5-1               installed

I then did a touch /.autorelabel; reboot, then after rebooting a make
reload.  I'm using the targeted policy in permissive mode (things freeze up
when I setenforce 1).  Policy version is 19.

I get a lot of avc denied messages on boot; enough to make me think I did
something wrong with my policy update or kernel update.  Did I even go about
this the right way?  Is there anything obviously wrong with the steps I
took?  I'm running FC3, and I wasn't certain about updating to an FC4 kernel
but yum seemed to think it was OK so I went for it.  I get the same errors
when I revert to 2.6.11-1.14_FC3.

Thanks for any ideas.  My boot log is included below, with anything
non-SELinux related snipped out.

- Steve Brueckner, ATC-NY



$ dmesg
Linux version 2.6.11-1.1267_FC4 (bhcompile@xxxxxxxxxxxxxxxxxxxxxx) (gcc
version 4.0.0 20050423 (Red Hat 4.0.0-1)) #1 Mon Apr 25 19:22:44 EDT 2005
...
Security Framework v1.0.0 initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary module capability
Capability LSM initialized as secondary
...
audit: initializing netlink socket (disabled)
audit(1114514592.659:0): initialized
...
SELinux:  Registering netfilter hooks
...
security:  3 users, 6 roles, 684 types, 75 bools
security:  55 classes, 126760 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev dm-0, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), not configured for labeling
SELinux: initialized (dev hugetlbfs, type hugetlbfs), not configured for
labeling
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses
genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
audit(1114514601.951:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:syslogd_t
tcontext=system_u:system_r:kernel_t tclass=fd
...
SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
...
SELinux: initialized (dev hda1, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Adding 2031608k swap on /dev/VolGroup00/LogVol01.  Priority:-1 extents:1
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
...
audit(1114529038.066:0): avc:  denied  { read } for  name=config dev=dm-0
ino=3837327 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:selinux_config_t tclass=file
audit(1114529038.066:0): avc:  denied  { getattr } for
path=/etc/selinux/config dev=dm-0 ino=3837327
scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:selinux_config_t tclass=file
audit(1114529038.092:0): avc:  denied  { execute } for  name=restorecon
dev=dm-0 ino=1802308 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:restorecon_exec_t tclass=file
audit(1114529038.092:0): avc:  denied  { execute_no_trans } for
path=/sbin/restorecon dev=dm-0 ino=1802308
scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:restorecon_exec_t tclass=file
audit(1114529038.092:0): avc:  denied  { read } for  path=/sbin/restorecon
dev=dm-0 ino=1802308 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:restorecon_exec_t tclass=file
audit(1114529038.093:0): avc:  denied  { search } for  name=contexts
dev=dm-0 ino=3834258 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:default_context_t tclass=dir
audit(1114529038.093:0): avc:  denied  { search } for  name=files dev=dm-0
ino=3834262 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:file_context_t tclass=dir
audit(1114529038.093:0): avc:  denied  { read } for  name=file_contexts
dev=dm-0 ino=3834260 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:file_context_t tclass=file
audit(1114529038.093:0): avc:  denied  { getattr } for
path=/etc/selinux/targeted/contexts/files/file_contexts dev=dm-0 ino=3834260
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:file_context_t
tclass=file
audit(1114529038.096:0): avc:  denied  { search } for  name=/ dev=selinuxfs
ino=232 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:security_t tclass=dir
audit(1114529038.096:0): avc:  denied  { read write } for  name=context
dev=selinuxfs ino=5 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:security_t tclass=file
audit(1114529038.096:0): avc:  denied  { check_context } for
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:security_t
tclass=security
audit(1114529038.479:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:named_t tcontext=system_u:system_r:kernel_t
tclass=fd
SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses
genfs_contexts
audit(1114529040.947:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:howl_t tcontext=system_u:system_r:kernel_t
tclass=fd
audit(1114529043.069:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:system_r:kernel_t tclass=fd
...
audit(1114529047.672:0): avc:  denied  { read } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:root_t tclass=file
audit(1114529050.126:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:kernel_t
tclass=fd
audit(1114529052.770:0): avc:  denied  { write } for  name=etc
dev=dm-0 ino=3833857 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:etc_t tclass=dir
audit(1114529052.770:0): avc:  denied  { add_name } for  name=.fstab.hal.S
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:etc_t
tclass=dir
audit(1114529052.770:0): avc:  denied  { create } for  name=.fstab.hal.S
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:etc_t
tclass=file
audit(1114529053.042:0): avc:  denied  { write } for  name=media dev=dm-0
ino=8552449 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:mnt_t tclass=dir
audit(1114529053.042:0): avc:  denied  { remove_name } for  name=cdrecorder
dev=dm-0 ino=8552450 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:mnt_t tclass=dir
audit(1114529053.042:0): avc:  denied  { rmdir } for  name=cdrecorder
dev=dm-0 ino=8552450 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:mnt_t tclass=dir
audit(1114529053.157:0): avc:  denied  { write } for  path=/etc/.fstab.hal.S
dev=dm-0 ino=3837358 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:etc_t tclass=file
audit(1114529053.157:0): avc:  denied  { remove_name } for
name=.fstab.hal.S dev=dm-0 ino=3837358 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:etc_t tclass=dir
audit(1114529053.157:0): avc:  denied  { rename } for  name=.fstab.hal.S
dev=dm-0 ino=3837358 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:etc_t tclass=file
audit(1114529053.157:0): avc:  denied  { unlink } for  name=fstab dev=dm-0
ino=3834553 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:etc_t tclass=file
audit(1114529053.179:0): avc:  denied  { write } for  name=rhgb-socket
dev=ramfs ino=4929 scontext=system_u:system_r:init_t
tcontext=system_u:object_r:ramfs_t tclass=sock_file
audit(1114529053.179:0): avc:  denied  { connectto } for
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket
audit(1114529053.577:0): avc:  denied  { getattr } for
path=/dev/VolGroup00/LogVol00 dev=tmpfs ino=5807
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:device_t
tclass=lnk_file
audit(1114529053.653:0): avc:  denied  { add_name } for  name=cdrecorder
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:mnt_t
tclass=dir
audit(1114529053.654:0): avc:  denied  { create } for  name=cdrecorder
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:mnt_t
tclass=dir
audit(1114529053.674:0): avc:  denied  { getattr } for
path=/dev/mapper/VolGroup00-LogVol00 dev=tmpfs ino=1128
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:device_t
tclass=blk_file
audit(1114529053.674:0): avc:  denied  { getattr } for  path=/dev/pts
dev=devpts ino=1 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:devpts_t tclass=dir
...
audit(1114529081.451:0): avc:  denied  { getattr } for  path=/dev/pts
dev=devpts ino=1 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:devpts_t tclass=dir

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
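
An added example, not part of the original message or of any SELinux tool: a short Python parser that rejoins mail-wrapped AVC records from a boot log like the one quoted above, separates records that were run together, and groups the denied permissions per source domain, target type and object class. The function names and the allow-rule-shaped output are this example's own; it is a triage view in the spirit of audit2allow, not that tool's output.

```python
import re
from collections import defaultdict
# Sample input: records in the shape of the boot log quoted above, with mail
# line-wrapping and two run-together record boundaries of the kind archives produce.
SAMPLE = """\
audit(1114529038.479:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:named_t tcontext=system_u:system_r:kernel_t
tclass=fdSELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses
genfs_contexts
audit(1114529050.126:0): avc:  denied  { use } for  path=/init dev=rootfs
ino=8 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:kernel_t
tclass=fdaudit(1114529052.770:0): avc:  denied  { write } for  name=etc
dev=dm-0 ino=3833857 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:etc_t tclass=dir
audit(1114529052.770:0): avc:  denied  { add_name } for  name=.fstab.hal.S
scontext=system_u:system_r:hald_t tcontext=system_u:object_r:etc_t
tclass=dir
"""

BOUNDARY = re.compile(r"(?=audit\(\d)|(?=SELinux:)")   # start of a new kernel message
AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]+?)\s*\}\s+for\s+(.*)")
FIELD = re.compile(r"(\w+)=(\S+)")

def parse_avc(log):
    """Rejoin wrapped lines, cut at message boundaries, return one dict per denial."""
    records = []
    for chunk in BOUNDARY.split(" ".join(log.split())):
        m = AVC.search(chunk)
        kv = dict(FIELD.findall(m.group(2))) if m else {}
        if not {"scontext", "tcontext", "tclass"} <= kv.keys():
            continue  # not an AVC denial, or a truncated one
        src, tgt = (kv[k].split(":")[2] for k in ("scontext", "tcontext"))  # type field
        records.append({"perms": m.group(1).split(), "source": src,
                        "target": tgt, "tclass": kv["tclass"]})
    return records

def summarize(records):
    """Merge denied permissions per (source domain, target type, class)."""
    merged = defaultdict(set)
    for r in records:
        merged[(r["source"], r["target"], r["tclass"])].update(r["perms"])
    return {k: sorted(v) for k, v in merged.items()}

def as_rules(summary):
    """Render each group in allow-rule shape for review, not for loading as-is."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};" for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(parse_avc(SAMPLE)))))
```

Grouping by source domain makes it easier to tell a few mislabeled or mismatched domains apart from a policy that is broken across the board.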

