I have been desperately trying to get selinux strict policy to work on my
laptop to no avail. I have been using a strict policy in enforcing mode for a
long time, but since I upgraded to the kernel / selinux versions listed below,
when in enforcing mode, the policy causes authentication to fail from the
console (my default runlevel is 3).
Even though I have the following statements in my custom.te under
/etc/selinux/strict/src/policy/domains/misc/
allow kernel_t sysadm_t:process transition;
allow kernel_t sysadm_tty_device_t:chr_file { relabelfrom relabelto };
allow sysadm_t sysadm_t:process transition;
I keep getting corresponding 'avc: denied' events in the audit log.
Kernel auditing is enabled at boot time (audit=1 kernel switch) and the audit
daemon is set to run at boot time.
I am using:
kernel-2.6.14-1.1653_FC4
selinux-policy-strict-sources-1.27.1-2.16
How can I go about fixing this issue?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
