Hello,
I have just installed SELinux on my Gentoo box and am having difficulties in
permissive mode. If someone can have a look at this and point me
somewhere...
Emerge doesn't work if I run it from a terminal in X11 - it call traces,
can't merge anything. In dmesg I can find:
----------------
type=1400 audit(1342877962.365:424): avc: denied { read write } for
pid=15719 comm="sh" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:devpts_t tclass=chr_file
type=1400 audit(1342877962.367:425): avc: denied { search } for
pid=15719 comm="sh" name="ivan" dev="dm-3" ino=20709377
scontext=system_u:system_r:portage_fetch_t
tcontext=staff_u:object_r:user_home_dir_t tclass=dir
type=1400 audit(1342877962.394:426): avc: denied { search } for
pid=15720 comm="id" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:sysfs_t tclass=dir
type=1400 audit(1342878036.496:428): avc: denied { read write } for
pid=15894 comm="emerge" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878036.500:429): avc: denied { ioctl } for pid=15894
comm="emerge" path="/dev/pts/1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878036.505:430): avc: denied { getattr } for
pid=15894 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878083.667:431): avc: denied { read write } for
pid=16890 comm="sh" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:devpts_t tclass=chr_file
type=1400 audit(1342878083.671:432): avc: denied { search } for
pid=16892 comm="id" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:portage_fetch_t
tcontext=system_u:object_r:sysfs_t tclass=dir
----------------
I'm running xdm - gdm3 to be more accurate - and as a normal user in a terminal
I switch to root and then do newrole -t sysadm_t - after that I'm trying to
emerge something.
Of course, from a raw console, a.k.a. non-X env, emerging works.
Additional info:
----------------
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: disabled
Policy deny_unknown status: denied
Max kernel policy version: 26
----------------
# id -Z // after switching to root and changing newrole
system_u:system_r:sysadm_t
----------------
All installed sec-policy packages are from hardened-devel overlay =
2.20120215-r14
----------------
I did rlpkg -a -r so many times.. :-)
Thanks in advance
Ivan Gooten
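
Added example, not part of the original post: Python that re-joins hard-wrapped AVC denials like the ones quoted above and groups them by source type, target type and object class, so repeated denials collapse into one line per access pattern. The names `summarize_denials` and `se_type` and the embedded sample (three of the records above) are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: three of the denials quoted above, still hard-wrapped
# the way they appear in the mail.
SAMPLE = """\
type=1400 audit(1342878036.496:428): avc: denied { read write } for
pid=15894 comm="emerge" name="1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342878036.500:429): avc: denied { ioctl } for pid=15894
comm="emerge" path="/dev/pts/1" dev="devpts" ino=4
scontext=system_u:system_r:portage_t tcontext=system_u:object_r:devpts_t
tclass=chr_file
type=1400 audit(1342877962.367:425): avc: denied { search } for
pid=15719 comm="sh" name="ivan" dev="dm-3" ino=20709377
scontext=system_u:system_r:portage_fetch_t
tcontext=staff_u:object_r:user_home_dir_t tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)',
    re.S)

def se_type(context):
    # An SELinux context is user:role:type[:mls]; the type is the third field.
    return context.split(":")[2]

def summarize_denials(text):
    """Group denials by (source type, target type, object class)."""
    # Undo the hard-wrapping, then cut at each record's "type=1400 " prefix.
    joined = " ".join(text.split())
    summary = defaultdict(lambda: {"perms": set(), "comms": set()})
    for rec in joined.split("type=1400 "):
        m = AVC_RE.search(rec)
        if not m:
            continue  # empty chunk or a non-AVC line
        key = (se_type(m["scon"]), se_type(m["tcon"]), m["tclass"])
        summary[key]["perms"].update(m["perms"].split())
        summary[key]["comms"].add(m["comm"])
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), v in sorted(summarize_denials(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(v['perms']))} }} "
              f"by {', '.join(sorted(v['comms']))}")
```

The grouped output is a reading aid for the log, not generated policy.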