On Jun 5, 2013, at 5:03 PM, Dominick Grift wrote: > On Wed, 2013-06-05 at 15:44 -0400, Vadym Chepkov wrote: >> Hi, >> >> Unfortunately, Linode.com VPS provider doesn't include SELinux support in their kernels, so I had to recompile my kernel with SELinux enabled. >> Due to some other limitations they do not support stock centos6 kernel (2.6.32) and told me to install the latest 3.x, which I did. >> But now I see these messages in the kernel boot log, which makes me to think my SELinux is "broken" >> > > You can ignore those if you like they aren't that important and it > should not break anything. Its just an incompatibility between your > policy and kernel versions. > This would be the best outcome, but do you mind to educate me, what exactly those "permissions" are? When I see something like open in class lnk_file not defined in policy and will be allowed I do feel uncomfortable :) Thanks, Vadym >> dracut: Loading SELinux policy >> type=1404 audit(1370460658.483:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 >> SELinux: Permission audit_access in class file not defined in policy. >> SELinux: Permission audit_access in class dir not defined in policy. >> SELinux: Permission execmod in class dir not defined in policy. >> SELinux: Permission audit_access in class lnk_file not defined in policy. >> SELinux: Permission open in class lnk_file not defined in policy. >> SELinux: Permission execmod in class lnk_file not defined in policy. >> SELinux: Permission audit_access in class chr_file not defined in policy. >> SELinux: Permission audit_access in class blk_file not defined in policy. >> SELinux: Permission execmod in class blk_file not defined in policy. >> SELinux: Permission audit_access in class sock_file not defined in policy. >> SELinux: Permission execmod in class sock_file not defined in policy. >> SELinux: Permission audit_access in class fifo_file not defined in policy. >> SELinux: Permission execmod in class fifo_file not defined in policy. >> SELinux: Permission syslog in class capability2 not defined in policy. >> SELinux: Permission wake_alarm in class capability2 not defined in policy. >> SELinux: Permission block_suspend in class capability2 not defined in policy. >> SELinux: Permission attach_queue in class tun_socket not defined in policy. >> SELinux: the above unknown classes and permissions will be allowed >> type=1403 audit(1370460659.259:3): policy loaded auid=4294967295 ses=4294967295 >> >> Is there anything I can do besides changing provider? >> >> Thanks, >> Vadym >> >> >> -- >> selinux mailing list >> selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
