>>SELinux Mailing List

Contents

Overview

What's New

Frequently Asked Questions

Background

Documentation

License

Download

Participating

Mail List

Archive Summary

Archive by Thread

Archive by Author

Archive by Date

Archive by Subject

Remaining Work

Contributors

Related Work

Press Releases

RE: Question regarding security policy configuration

From: Paul Rolland <rol_at_as2917.net>
Date: Tue, 4 Sep 2001 15:42:02 +0200

Hello,

This I did, but I think there is something wrong in the setfiles/*, the problem is that from the error messages, I don't know how to translate this to :

a file to check
an item to check in the file(s) in setfiles/*

Paul

Paul Rolland, rol@witbe.net
Witbe.net SA
Directeur Associe

--

Please no HTML, I'm not a browser - Pas d'HTML, je ne suis pas un navigateur

"Some people dreams of success... while others wake up and work hard at it"





> -----Original Message-----

> From: Stephen Smalley [mailto:sds@tislabs.com]

> Sent: Tuesday, September 04, 2001 2:52 PM

> To: Paul Rolland

> Cc: selinux@tycho.nsa.gov

> Subject: Re: Question regarding security policy configuration

>

>

>

> On Sun, 2 Sep 2001, Paul Rolland wrote:

>

> > For example, looking at the first one :

> > Aug 29 17:58:46 www-dev kernel: avc:  denied  { read write }

> for  pid=58

> > exe=/bin/mount path=/etc/mtab dev=08:02 ino=166389

> > Aug 29 17:58:46 www-dev kernel:    scontext=system_u:system_r:mount_t

> > Aug 29 17:58:46 www-dev kernel:    tcontext=system_u:object_r:file_t

> > Aug 29 17:58:46 www-dev kernel:    tclass=file

> > Aug 29 17:58:46 www-dev kernel:

> >

> > I've found in the source tree :

> > /bin/mount: system_u:object_t:mount_exec_t

> > /etc/mtab: system_u:object_r:etc_runtime_t

> >

> > This is different from scontext (Security (?) context) and tcontext

> > (Task (?) context)....

> >

> > It seems I deeply missed some configs, but I can't find them.

> Could someone

> > help me ?

>

> Do the following:

> 	cd setfiles

> 	rm -f relabel

> 	make relabel

>

> This was step #14 of the README.

>

> The scontext is the source security context, which is typically

> the security context of a process (but not always).  The tcontext

> is the target security context, which can be the security

> context of a target process (e.g. for controlling kill) or

> the security context of an object (e.g. for file accesses).

>

> --

> Stephen D. Smalley, NAI Labs

> ssmalley@nai.com

>

>

>

>



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Tue 4 Sep 2001 - 09:54:56 EDT

This message: [ Message body ]
Next message: Stephen Smalley: "[PATCH] Fix for selinux_ip_postroute hook"
Previous message: Stephen Smalley: "Re: Question regarding security policy configuration"
In reply to: Stephen Smalley: "Re: Question regarding security policy configuration"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:26 EDT