I am fairly new to selinux and while I have a seemingly working install,
when its in enforcing mode I get errors trying to sync other gentoo
boxes portage tree, like:
Jun 23 01:35:21 yorke rsyncd[18130]: chroot /usr/portage failed:
Permission denied
It's the only error I can see anywhere about it, and I can't seem to
locate any log of the selinux denial, neither while in enforcing or in
permissive. However in permissive mode, the sync works as expected.
I can see some grsec denials (not related to rsyncd) in
/var/log/grsec.log (running syslog-ng, btw) but nothing selinux related
in /var/log/kern.log or /var/log/messages and from what I have read thus
far I am certain that I should be getting something. kern.log and
messages both contain "security:" entries when I load a new selinux
policy. Is there just some verbosity flag I missed so I can start
logging these denials?
I thought perhaps I needed to reload the rsync selinux policy and was
surprised there wasn't one to be found, not installed or in portage,
unless its wrapped up in the base policy. Am I missing something? I see
policies for distcc and bind amongst many others, but nothing for rsync?
How can I go about resolving this, and I mean that more like, I'd
greatly appreciate learning how, not just waltzing through some blind
steps. Sorry if I threw too much out there at once, but that much for
any advice.
Regards,
--
Jason K Larson
--
gentoo-security@gentoo.org mailing list
when its in enforcing mode I get errors trying to sync other gentoo
boxes portage tree, like:
Jun 23 01:35:21 yorke rsyncd[18130]: chroot /usr/portage failed:
Permission denied
It's the only error I can see anywhere about it, and I can't seem to
locate any log of the selinux denial, neither while in enforcing or in
permissive. However in permissive mode, the sync works as expected.
I can see some grsec denials (not related to rsyncd) in
/var/log/grsec.log (running syslog-ng, btw) but nothing selinux related
in /var/log/kern.log or /var/log/messages and from what I have read thus
far I am certain that I should be getting something. kern.log and
messages both contain "security:" entries when I load a new selinux
policy. Is there just some verbosity flag I missed so I can start
logging these denials?
I thought perhaps I needed to reload the rsync selinux policy and was
surprised there wasn't one to be found, not installed or in portage,
unless its wrapped up in the base policy. Am I missing something? I see
policies for distcc and bind amongst many others, but nothing for rsync?
How can I go about resolving this, and I mean that more like, I'd
greatly appreciate learning how, not just waltzing through some blind
steps. Sorry if I threw too much out there at once, but that much for
any advice.
Regards,
--
Jason K Larson
--
gentoo-security@gentoo.org mailing list