On 31/08/16 07:37, ileyd wrote: > > Have you managed to correct the incorrect labelling of /etc? When I've tried to use the MLS policy on RHEL/CentOS 7-7.2, that has stopped logins from working when running in enforcing mode. > So if I turn off the dontaudit rules that issue shows up with unix_chkpwd and mls_constrain AVCs. Admittedly I did notice it was at s15 but thought that was intentional. Though, as most of the files in /etc are at s0 that doesn't sound right. Anyway, changing /etc to s0 allows logins to work; and looks more like what I would expect an out-of-the-box MLS system to look like. Thanks for the advice. -- Paul ---- http://blog.m0noc.com/ | https://keybase.io/m0noc 4329 E4C5 71F3 58B2 2246 D04D 25DA 39C2 3876 FE3D _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
