Re: node contexts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/21/2012 12:31 PM, Andy Ruch wrote:
> Hello,
> 
> I'm setting up a system where the nodes need to have different types.
> Currently, I'm getting an AVC denial for a node but I don't know which
> node.
> 
> My questions:
> 
> 1) Is it possible to know which node an AVC message is referencing?
> 
> 2) Is there a way to see all the node contexts? I know "semanage node -l"
> will show my local nodecon modifications but how do I list all the nodes?
> 
> 3) I tried to add a "nodecon" statement to the corenetwork.te file but the
> policy won't compile. How can I label a node from the policy? Here is what
> I tried: type my_lo_node_t; corenet_node( my_lo_node_t ) nodecon 127.0.0.1
> 255.255.255.255 gen_context(system_u:object_r:my_lo_node_t, s0)
> 
> 
> Thanks, Andy Ruch -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
The AVC should have the node information.

I believe you can define the node in policy but have to use semanage to place
it on a ip address.  This is what we are doing in OpenShift BTW.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlCtGVMACgkQrlYvE4MpobPFzACgyYrpsw/FPSdxAx3bi0kpRY5P
q00Anj/97BgmWFjqWBwUmwy42CGBTocJ
=GdY5
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux