Re: targeted policy: crond_t now invalid for initrc_t ?

Tom London wrote:

On Mon, 24 Jan 2005 15:02:22 -0500, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:


Can you try a
make -C /etc/selinux/targeted/src/policy load



Sorry, no soap. :-(

Here's a log:
[root@tlondon ~]# cd /etc/selinux/targeted
[root@tlondon targeted]# cd src/policy
[root@tlondon policy]# make -C /etc/selinux/targeted/src/policy load
make: Entering directory `/etc/selinux/targeted/src/policy'
/usr/sbin/load_policy /etc/selinux/targeted/policy/policy.18
touch tmp/load
make: Leaving directory `/etc/selinux/targeted/src/policy'
[root@tlondon ~]# cd /etc/init.d
[root@tlondon init.d]# ./crond status
crond is stopped
[root@tlondon init.d]# ./crond start
Starting crond: /etc/init.d/functions: line 148: /usr/sbin/crond:
Permission denied
                                                          [FAILED]
[root@tlondon init.d]#

Here's the AVC:
Jan 25 07:38:17 localhost kernel: audit(1106667497.815:0):
security_compute_sid:  invalid context root:system_r:crond_t for
scontext=root:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process

tom




Ok, you need to change the policy for crond.te

--- crond.te~   2005-01-21 16:16:11.000000000 -0500
+++ crond.te    2005-01-25 12:04:52.000000000 -0500
@@ -19,5 +19,5 @@
type sysadm_cron_spool_t, file_type, sysadmfile;
type crond_log_t, file_type, sysadmfile;
type crond_var_run_t, file_type, sysadmfile;
-domain_auto_trans(initrc_t, crond_exec_t, crond_t)
-domain_auto_trans(initrc_t, anacron_exec_t, crond_t)
+domain_auto_trans(initrc_t, crond_exec_t, unconfined_t)
+domain_auto_trans(initrc_t, anacron_exec_t, unconfined_t)
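
Review bot: the two added domain_auto_trans lines send crond_exec_t and anacron_exec_t to unconfined_t with no comment explaining why, so a later reader cannot tell that this is a deliberate response to the "invalid context root:system_r:crond_t" failure rather than a mistake; add a one-line comment above them. With this change, cron and anacron started from initrc_t no longer enter crond_t, so it is worth confirming that nothing else in the policy still expects these daemons to run in crond_t when launched from an init script.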


I will update policy and throw it out on people.

selinux-policy-targeted-1.21.3-2

