On Fri, 2010-02-19 at 16:30 -0500, Alan Rouse wrote:
> Stephen wrote:
> > Why is it necessary to download and rebuild the source policy? Did they build it as a monolithic policy?
>
> Yes, the policy rpm from OpenSuse 11.2 is monolithic.
>
> >> setsebool -P init_upstart=on
> >> setsebool -P xdm_sysadm_login=on
> >> setsebool -P xserver_object_manager=on
> > I think you only need the first boolean setting.
> > And we should likely introduce an ifdef for suse in refpolicy that always disables that
> > transition so that you don't have to artificially turn on that boolean.
>
> Ok
>
> > It would be useful to see the raw audit message with what directory/file is being accessed.
> > tmpfs_t indicates a tmpfs mount, which might mean you have a mislabeled tmpfs mount (e.g.
> > /dev is a tmpfs mount that should be relabeled by rc.sysinit via restorecon -R /dev).
>
> See attached raw audit messages from the most recent boot.

Can you move aside the audit.log, add the line below to the end of
/etc/audit/audit.rules, reboot, and then send the new audit.log?

-a exit,always -S chroot

That will turn on syscall auditing and should provide more complete
information, including PATH= and SYSCALL= records.

--
Stephen Smalley
National Security Agency
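
Added example (not part of the original message, and not the poster's own code): with syscall auditing on, an AVC denial shares its audit serial number with the SYSCALL and PATH records of the same event, so they can be joined to show the full path and executable behind a denial. The log lines below are constructed samples, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample records (not taken from the log attached in the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1266615001.101:31): avc:  denied  { search } for  pid=812 comm="example_d" name="/" dev=tmpfs ino=1040 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1266615001.101:31): arch=c000003e syscall=2 success=no exit=-13 pid=812 comm="example_d" exe="/usr/sbin/example_d" subj=system_u:system_r:example_t:s0
type=CWD msg=audit(1266615001.101:31):  cwd="/"
type=PATH msg=audit(1266615001.101:31): item=0 name="/dev/example" inode=1040 dev=00:0e obj=system_u:object_r:tmpfs_t:s0
type=AVC msg=audit(1266615002.202:32): avc:  denied  { read } for  pid=813 comm="other_d" name="conf" dev=sda1 ino=77 scontext=system_u:system_r:other_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit serial number; records of one event share it."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip anything that is not an audit record
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events[int(serial)][rtype].append(fields)
    return events

def summarize_denials(text):
    """For each AVC denial, attach the paths and executable from the same event."""
    out = []
    for serial, recs in sorted(parse_events(text).items()):
        for avc in recs.get('AVC', []):
            syscall = (recs.get('SYSCALL') or [{}])[0]
            out.append({
                'serial': serial,
                'scontext': avc.get('scontext'),
                'tcontext': avc.get('tcontext'),
                'tclass': avc.get('tclass'),
                'exe': syscall.get('exe'),
                'paths': [p.get('name') for p in recs.get('PATH', [])],
                # False means the AVC arrived without SYSCALL/PATH context.
                'complete': bool(recs.get('SYSCALL') and recs.get('PATH')),
            })
    return out

if __name__ == '__main__':
    for denial in summarize_denials(SAMPLE_LOG):
        print(denial)
```

A denial reported with 'complete' set to False carries only the last path component from the AVC record, which is the situation the added audit rule is meant to resolve.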