Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: booting in enforcing mode
From: Rogelio Serrano <rogelio_at_smsglobal.net>
Date: Sat, 10 Apr 2004 22:53:17 +0800
> On Sat, 10 Apr 2004 17:10, Rogelio Serrano >> I can boot in enforcing mode now but there seem to be too many >> denials in my log. Which denials can be considered harmless? i >> can see a lot of ioctl, sys_tty_config and getattr. > > Show us a sample of the messages. > > When determining whether the denials are harmless it's usually > a matter of > the scontext and tcontext. > > As for sys_tty_config, in the transition to kernel 2.6.x the > handling of this > changed and lots of applications need it. I've considered > having the > daemon_base_domain() macro allow or dontaudit it. Most > applications that > request it don't seem to really need it (they work fine > without it). > I see. I think i have to remove some of those that i added. the hotplug scripts are the noisiest. i will fix /bin/login first. its the login fom util-linux 2.12 and im not using PAM. i need to label the tty properly. i can login but not into /User/Admin. login drops me into / then i can just "cd" and im in sysadm_home_dir. all home directories are in /Users and admins home dir is /Users/Admin alongside the other users. The context for /Users is system_u:object_r:file_t. Is that ok? Shouldnt it be root_t? Or should i create a totally new type. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Sat 10 Apr 2004 - 10:53:38 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |