Re: AVCs with ntpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I wonder about step 2. below. If you have the latest (and even just a
recent) kernel, all of the SELinux patches are in the kernel already.

[doing the patches by hand after looking them over is always a good idea
for a secure system, but if you just want to get things up for a sanity
check, maybe not necessary at the moment..]

Bringing your system up2date is also a good idea as some of the utilities
(nptd?) have SELinux related patches.

I also think that step 5. needs to be done before steps 3 and 4.

You might boot a couple of times with 5. set, then do 3. and 4.

At least that is what I have done.

BobG

On Mon, 20 Sep 2004 14:18:17 +0200, Felipe Alfaro Solana wrote:
>OK, so I'm trying SElinux after having it disabled for some time.
>That's what I did:
>
>1. Installed selinux-policy-targeted-1.17.16-2
>2. Recompiled the kernel with SElinux support
>3. Booted into single user mode
>4. Ran "fixfiles relabel"
>5. Rebooted with "selinux=1"
>
>Now, I'm seeing a lot of these:
>
>audit(1095681913.039:0(: avc: denied  { search } for  pid=2515
>exe=/usr/sbin/ntpd dev=tmpfs ino=357 scontext=user_u:system_r:ntpd_t
>tcontext=user_u:object_r"tmpfs_t tclass=dir
>
>The problem here is that I'm using UDEV and that the initial ramdisk
>mounts a tmpfs on top of "/dev", thus, covering the labeled "/dev" that
>resides on disk.
>
>How should I fix this?
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list@xxxxxxxxxx
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux