Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing List
subject: setroubleshoot var types Date: Wed, 5 Nov 2008 03:28:40 -0800 (PST)
Nov 3 09:27:39 localhost kernel: SELinux: inode_doinit_with_dentry:
context_to_sid(system_u:object_r:setroubleshoot_var_lib_t:s0) returned 22
for dev=dm-2 ino=23923693
Upon using the Policy Analysis tool I found that none of the setroubleshoot_var_*_t types were associated with the object_r role. Is this an issue with the setroubleshoot policy? Andy -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tycho.nsa.gov> subject: Re: setroubleshoot var types Date: Wed, 05 Nov 2008 08:40:47 -0500
object_r is implicitly allowed to be associated with all types. The issue here is not the role:type relation but rather that the types aren't defined in the mls policy. The shipped mls policy tends to only support a subset of the distribution, and I doubt setroubleshoot was included in the target of evaluation. You can of course build a more complete mls policy if you wish. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |