On Tue, 29 Jun 2004 09:38:32 -0400, Stephen Smalley wrote:
>On Tue, 2004-06-29 at 09:15, Bob Gustafson wrote:
>> Would be nice if the routines parsing these values would holler out if
>> there are syntax errors (or manual mis-readings.., incorrect values, etc.)
>
>Run selinuxconfig to see your current configuration settings.

[root@hoho2 etc]# selinuxconfig
selinux state="permissive"
policypath="/etc/selinux/strict"
default_type_path="/etc/selinux/strict/contexts/default_type"
default_context_path="/etc/selinux/strict/contexts/default_contexts"
default_failsafe_context_path="/etc/selinux/strict/contexts/failsafe_context"
binary_policy_path="/etc/selinux/strict/policy/policy"
user_contexts_path="/etc/selinux/strict/contexts/users/"
contexts_path="/etc/selinux/strict/contexts"
[root@hoho2 etc]#

Hmm, that looks pretty useful. I wonder what it would have looked like with
the wrong values in the /etc/selinux/config? And to what effect?

>
>/sbin/init should log a warning if it cannot open the policy file, e.g.
>due to bad configuration setting for the SELINUXTYPE, but there might be
>an issue with the present call to log().

I did not see any failures, but clearly I had the wrong values in my
/etc/selinux/config file:

[root@hoho2 log]# grep policy messages*
messages:Jun 27 06:48:25 hoho2 kernel: audit(1088336905.471:0): avc: granted { load_policy } for pid=4626 exe=/usr/sbin/load_policy scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
messages:Jun 27 06:48:50 hoho2 kernel: audit(1088336930.238:0): avc: granted { load_policy } for pid=4688 exe=/usr/sbin/load_policy scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
...
...

BobG
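
A lint for /etc/selinux/config of the kind asked for in this thread, as an added example that is not part of the original message and not code from any SELinux package. The names check_selinux_config and selinux_config_demo are hypothetical, and the check assumes the binary policy file name begins with "policy" under ROOT/TYPE/policy/, following the binary_policy_path shown in the selinuxconfig output.

```shell
# Added example: lint an SELinux config so bad values are reported, not ignored.
# check_selinux_config is a hypothetical helper, not part of any SELinux package.
# Assumption: only SELINUX and SELINUXTYPE are valid keys; anything else is flagged.
# Usage: check_selinux_config CONFIG [ROOT]; returns 0 if clean, 1 otherwise.
check_selinux_config() {
    cfg=$1 root=${2:-/etc/selinux} bad=0 seen_state=0 seen_type=0 n=0
    [ -r "$cfg" ] || { echo "error: cannot read $cfg" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*) continue ;;
            *=*) key=${line%%=*} val=${line#*=} ;;
            *) echo "$cfg:$n: not KEY=VALUE: $line" >&2; bad=1; continue ;;
        esac
        case $key in
            SELINUX) seen_state=1
                case $val in
                    enforcing|permissive|disabled) ;;
                    *) echo "$cfg:$n: SELINUX='$val' is not a valid state" >&2; bad=1 ;;
                esac ;;
            SELINUXTYPE) seen_type=1
                case $val in ''|*/*) val_ok=0 ;; *) val_ok=1 ;; esac
                if [ "$val_ok" -eq 0 ] || [ ! -d "$root/$val" ]; then
                    echo "$cfg:$n: SELINUXTYPE='$val' is not a directory under $root" >&2; bad=1
                elif ! ls "$root/$val"/policy/policy* >/dev/null 2>&1; then
                    echo "$cfg:$n: no binary policy in $root/$val/policy/" >&2; bad=1
                fi ;;
            *) echo "$cfg:$n: unknown key '$key'" >&2; bad=1 ;;
        esac
    done < "$cfg"
    [ "$seen_state" -eq 1 ] || { echo "$cfg: SELINUX is not set" >&2; bad=1; }
    [ "$seen_type" -eq 1 ] || { echo "$cfg: SELINUXTYPE is not set" >&2; bad=1; }
    return "$bad"
}

# Constructed sample: a tree where only "strict" is installed (policy.17 is a
# made-up file name), checked against a config naming the type given as $1.
selinux_config_demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/strict/policy" && : > "$d/strict/policy/policy.17"
    printf 'SELINUX=permissive\nSELINUXTYPE=%s\n' "$1" > "$d/config"
    check_selinux_config "$d/config" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Running selinux_config_demo strict exits 0, while selinux_config_demo targeted reports the missing policy directory on stderr and exits 1.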