Although that did produce a number of additional deny messages, even allowing all of them still does not allow me to log in from the console or ssh. Doesn't matter if I'm root, a standard user or a selinux user.

Does anyone know of a simple way to get RHEL4 targeted to recognize se users? I can't quite figure out where they are setting the default domain transition. Like I said before, I just need to keep root away from a few programs and a data file. I've set up a type and a user, relabeled the fs with the new types etc etc. Added my user to users, it matches the name in /etc/passwd exactly. I think I generally understand what's going on, I think I'm just suffering from use of an out of date tool chain.

On Wed, 2007-12-26 at 14:59 -0800, Justin Mattock wrote:
> Hello I think you need to; make enableaudit in the policy. with
> selinux-policy-default the location would be /etc/selinux/src with
> refpolicy-strict I'm not too sure.
> regards;
> --Justin P. Mattock
>
> On Dec 26, 2007 1:35 PM, Jeremiah Jahn <jeremiah@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> I've been trying to get SELinux strict up and running on a RHEL4-U4 box and
> not having much luck. I have one account and 3 programs that I need to
> protect from root. I was unable to get targeted to login under the user
> that I created, something about the policy always defaulting to user_u.
> So Fine, I tried to install the strict/ref policy from the tresys and
> cips. Due to this being an x86_64 system, that didn't go well either.
> Trying plan C I went with the FC3 strict policy. Obviously some
> improvements have been made since then, but this was the first strict
> policy I was able to install without completely hosing my system. sshd
> and login seem to really like having libselinux(64) around.
>
> So my question here has two possible answers:
>
> 1) where the heck can I find some rpms for RHEL4 -x86_64 and the most
> recent ref policy.
>
> --OR--
>
> 2) what could possibly be causing no [avc denied] messages to be logged.
> Most of the messages I have used with audit2allow to try and get
> everything to work. Finally I got to the point of having no more messages
> even when rebooting the machine. If I put things into passive mode
> still no more messages, this is with constant reloading of the policy to
> clear the avc cache.
>
> help please.
>
> "A fractal is by definition a set for which the Hausdorff Besicovitch
> dimension strictly exceeds the topological dimension." -- Mandelbrot,
> "The Fractal Geometry of Nature"

A fool-proof method for sculpting an elephant: first, get a huge block of marble; then you chip away everything that doesn't look like an elephant.