On Fri, 2002-01-25 at 10:03, Paul Krumviede wrote:
> --On Friday, 25 January, 2002 09:36 -0500 Timothy Wood
> <timothy@hallcomp.com> wrote:
>
> are you running this inside a VMware virtual machine? i had to create
> a policy file for that environment (which is yet to be tested with the
> latest release; i'll send it to the list once that happens). the VMware
> dualconf script instantiates /etc/modules.conf (and some other
> files for X11) as a symlink to the appropriate "real" file depending
> on whether one boots the guest OS as a virtual machine or on the
> real hardware.
>
> -paul

Yes, I am running it in a VM. I just looked at the context of the modules files in /etc and noticed they were different, probably because I installed the VMware tools after I relabled the files. I did a make relabel and I can insmod things now but the lo and eth0 interfaces still never raise. What I still don't see is how the lo interface never loads because as far as I know the lo interface doesn't have a module. I'm sifting through dmesg once again, a little more closely this time, and I"m seeing a lot of wierd things. Someone tell me if all this looks right.

(right after journalled loads)
kernel: There is already a security framework initialized, register_security failed.
kernel: Failure registering capabilities with the kernel kernel: selinux_register_security: Registering secondary module capability
localhost kernel: Capability LSM initialized

...

kernel: pcnet32_probe_pci: found device 0x001022.0x002000
kernel: PCI: Enabling device 00:11.0 (0001 -> 0003)
kernel: PCI: Assigned IRQ 10 for device 00:11.0

kernel: ioaddr=0x001080 resource_flags=0x000101
kernel: eth0: PCnet/PCI II 79C970A at 0x1080, 00 50 56 4a 80 ad
kernel: pcnet32: pcnet32_private lp=c1151000 lp_dma_addr=0x1151000

...

kernel: task_precondition: assigning context system_u:system_r:kernel_t to pid 1 exe=none
kernel: task_precondition: assigning context system_u:system_r:kernel_t to pid 1 exe=none

...

kernel: avc: denied { read } for pid=74 exe=/sbin/insmod path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file kernel:
kernel: avc: denied { read } for pid=108 exe=/sbin/depmod path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:depmod_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file kernel:
kernel: avc: denied { read } for pid=110 exe=/bin/grep path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file kernel: task_precondition: assigning context system_u:system_r:init_t to pid 2 exe=none
kernel: task_precondition: assigning context system_u:system_r:kernel_t to pid 3 exe=none
kernel: task_precondition: assigning context system_u:system_r:kernel_t to pid 4 exe=none
kernel: task_precondition: assigning context system_u:system_r:kernel_t to pid 5 exe=none
kernel: task_precondition: assigning context system_u:system_r:kernel_t to pid 6 exe=none
kernel: task_precondition: assigning context system_u:system_r:init_t to pid 7 exe=none

...

kernel: avc: denied { read } for pid=220 exe=/usr/sbin/updfstab path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:fsadm_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file

...

kernel: avc: denied { read } for pid=220 exe=/usr/sbin/updfstab path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:fsadm_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file

...

kernel: avc: denied { unlink } for pid=251 exe=/bin/rm path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file

...

kernel: avc: denied { unlink } for pid=253 exe=/bin/rm path=/etc/X11/X dev=08:01 ino=102038 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:etc_t tclass=lnk_file

...

kernel: avc: denied { read } for pid=268 exe=/sbin/insmod path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:kmod_t
tcontext=system_u:object_r:etc_runtime_t tclass=lnk_file

...

kernel: avc: denied { read } for pid=329 exe=/sbin/insmod path=/etc/modules.conf dev=08:01 ino=213709 scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:etc_runtime_t tclass=lnk_file

...

network: Setting network parameters: succeeded ifup: Cannot send dump request: Connection refused

now I tried doing a tail -f on /var/log/messages and then switching to another VT to raise both the lo and eth0 interfaces and nothing was logged but I still get that dump request refused message. Could the selinux be blocking the device from being opened or something?

I'm going to download this new version, but should I just get the patch and apply it to the current version I have or what?

Timothy,

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.



application/pgp-signature attachment: stored