On Fri, Aug 10, 2012 at 12:18:05PM -0400, Stephen Smalley wrote:
> On Fri, 2012-08-10 at 12:08 -0400, Stephen Smalley wrote:
> > On Fri, 2012-08-10 at 17:44 +0200, Ole Kliemann wrote:
> > > PS: Have you actually reproduced this problem? Could still be
> > > something else broken on my system...
> >
> > No, I haven't tried, as you didn't supply a complete policy.
> >
> > Two other items to double check:
> > - Are you running auditd, and if so, did you check that you aren't
> > flooding it? That won't show up in dmesg, only
> > in /var/log/audit/audit.log.
> >
> > - Are you running mcstrans? If so, disable it.
>
> Also, what does cat /sys/fs/selinux/policyvers show and what is the
> version suffix on the policy file under /etc/selinux/.../policy? And
> what is your kernel version?

I don't have an auditd, not running mcstransd and also had disabled restorecond.

I take it, /sys/fs/selinux is equivalent to /selinux? /sys/fs/selinux is empty on both my Ubuntu systems. /selinux/policyver is 26 as is the suffix of the policy file.

Complete policy is attached. choke/src/support/choke.spt can be tuned to suck even more. Do 'make load' in choke/src/ and you are good to go.
Attachment:
choke.tar.bz2
Description: Binary data
Attachment:
signature.asc
Description: Digital signature
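
The checks requested in this thread (selinuxfs mount point, kernel policy version, policy file suffix, kernel version, running daemons), collected into one script as an added example that is not part of the original messages. The `ROOT` override and the function names are assumptions made for illustration; the paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example: gather the facts asked for in this thread in one pass.
# ROOT is a hypothetical override so the functions can be pointed at a
# constructed directory tree; leave it empty on a real system.
ROOT="${ROOT:-}"

# Print the selinuxfs directory in use. It may be mounted at
# /sys/fs/selinux or at the older /selinux; an empty directory (no
# policyvers node) means selinuxfs is not mounted at that location.
selinuxfs_dir() {
    for d in "$ROOT/sys/fs/selinux" "$ROOT/selinux"; do
        if [ -r "$d/policyvers" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Policy version reported by the running kernel.
kernel_policyvers() {
    d=$(selinuxfs_dir) || return 1
    cat "$d/policyvers"
}

# Numeric suffix of each binary policy file, e.g. policy.26 -> 26.
policy_file_versions() {
    for f in "$ROOT"/etc/selinux/*/policy/policy.[0-9]*; do
        [ -e "$f" ] && printf '%s\n' "${f##*.}"
    done
    return 0
}

# Print the name of each listed daemon that is currently running.
running_daemons() {
    for p in "$@"; do
        if pgrep -x "$p" >/dev/null 2>&1; then printf '%s\n' "$p"; fi
    done
    return 0
}

report() {
    echo "kernel:       $(uname -r)"
    echo "selinuxfs:    $(selinuxfs_dir || echo 'not mounted')"
    echo "policyvers:   $(kernel_policyvers || echo 'n/a')"
    echo "policy files: $(policy_file_versions | tr '\n' ' ')"
    echo "daemons up:   $(running_daemons auditd mcstransd restorecond | tr '\n' ' ')"
}

report
```

A mismatch between the `policyvers` line and the policy file suffix, or any daemon listed under `daemons up`, is worth reporting alongside the kernel version when describing a policy problem.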