Originally, I had Fedora Core 1 linux distro and then decided to simply
upgrade to Fedora Core 2 via manually rpm-ing the necessary packages.
Everything went pretty much as expected and now I have the Selinux
policy packages all installed. I decided to start reading the obvious
README in /etc/security/selinux/src/policy and then went to the NSA
SELinux website. I did the make load and make relabel and reboot cycle,
leaving the SELinux in permissive mode.
Now, I am ready to take the next step: reading the audit logging
messages and taking some action per audit. I just need some more
insight and expertise from someone to enlighten me as to which direction
to take.
To start off with I am looking at the following audit line (with some
editing out of irrelevant info) from "dmesg":
audit(...): avc: denied { search }
for pid=458 exe=/usr/bin/rhgb
name=.themes dev=hda... ino=...
scontext=system_u:system_r:rhgb_t
tcontext=root:object_r:staff_home_t
tclass=dir
This audit line reports that the process (pid=458) running the
executable program (/usr/bin/rhgb), the RedHat Graphics Boot program,
was trying to access the target object ".themes" (a directory).
Okay, the rhgb process is running in the source context with an identity
of "system_u" (System user) in the role of "system_r" (System role)
within the domain of "rhgb_t" (RedHat Graphics Boot domain) and is
trying to access the directory target object ".themes" which has a
target context with an identity of "root" in the role of "system_r"
(System role) with a type of "staff_home_t" (Staff Home object type).
Given that the audit process denies the "search" on this access, that
means that the rhgb domain does not have "search" access to a
staff_home_t type object.
Okay, I guess I should go to the /etc/security/selinux/src/policy
directory and edit the policy.conf(?) file to add a suitable transition
policy... but I am not confident as to what.
Any good tips and comments?
Thanks,
Frank
--
Francis K Shim <belfrancis2001@xxxxxxxx>
