Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing Listlogging in using sereference policy
From: Serge E. Hallyn <serue_at_us.ibm.com>
Date: Fri, 30 Dec 2005 11:08:27 -0600
The inlined patch allowed me to log in in enforcing mode. The rest were supporting pieces which addressed various denied messages I'd been seeing. I know most of these allow statements need to be moved to appropriate macros in completely different files, but I won't be able to get around to that until mid next week at the earliest, so here's the info in any case. Kind of obvious in retrospect :) And I sort of knew that must be what was going on, but wasn't sure how to find the real problem if there was no audit msg about it. In the future I may just have to start by adding a debug make target which removes all dontaudits. -serge Index: refpolicy/policy/modules/system/authlogin.if
dontaudit $2 shadow_t:file { getattr read }; Index: refpolicy/policy/modules/system/userdomain.if
+ # serge # user pseudoterminal type $1_devpts_t; term_user_pty($1_t,$1_devpts_t)
thanks,
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 30 Dec 2005 - 12:08:40 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |