
SE Linux Questions



First off, I profess total newbie when it comes to SE Linux. I've been reading SE Linux and SE Linux Policy HOWTOs and FAQs for the last couple of days and my head is spinning, so bear with me.

I have my system running in runlevel 3, which is how I prefer.
When I log in with my account on my system I get the following:

Your default context is user_u:sysadm_r:sysadm_t.

Do you want to choose a different one? [n]

I choose no and move on, fair enough. However, if I try to run startx I get the following:
Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc: denied { search } for pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186 scontext=user_u:sysadm_r:sysadm_xauth_t tcontext=system_u:object_r:user_home_dir_t tclass=dir



So I logged out (newrole doesn't seem to be playing nice, but that could be a matter of PEBCAK) and back in, this time selecting user_u:user_r:user_t.
Now I can run startx but when I try to run the system-control-network program, I just get tons of these messages on the screen if I hit Ctrl-Alt-F[1-6]:
Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc: denied { setuid } for pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc: denied { setuid } for pid=1237 exe=/usr/sbin/usernetctl capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability


Using su to log in as me again, I choose user_u:sysadm_r:sysadm_t in a gnome-terminal or xterm or whatever, and now when I run system-control-network from that terminal it runs as expected (as a user; by the way, I have configured users to be able to activate/deactivate the network interface).

Also, I originally had sendmail installed and did 'rpm -e --nodeps sendmail' then 'yum install postfix'. Now when postfix starts at system boot up it is giving this error message:
Apr 13 10:27:24 fc2 kernel: audit(1081866443.844:0): avc: denied { write } for pid=1356 exe=/usr/sbin/postalias name=postfix dev=hda4 ino=1904993 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:postfix_etc_t tclass=dir


I'm not asking how to fix all this per se; when my head stops swimming in info and sorts it out I'll manage that. But how much of this is bad/unsorted-out default policy problems that need to be told to the proper person/bugzilla'd, and how much is just getting used to the ways of SE Linux?

This is with all RPMs updated as of 30 minutes or so ago...

Thanks,
Jason
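
Added example, not part of the original message: a small Python parser that splits the AVC denials quoted above into fields and groups them by source type, target type, object class and permission, so repeated denials collapse into one line for triage. The function names are hypothetical, and it assumes three-part `user:role:type` contexts and `exe=` paths without spaces, as in the quoted lines.

```python
import re
from collections import Counter

# The four denials quoted in the message above, copied verbatim.
SAMPLE = """\
Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc: denied { search } for pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186 scontext=user_u:sysadm_r:sysadm_xauth_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc: denied { setuid } for pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc: denied { setuid } for pid=1237 exe=/usr/sbin/usernetctl capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 10:27:24 fc2 kernel: audit(1081866443.844:0): avc: denied { write } for pid=1356 exe=/usr/sbin/postalias name=postfix dev=hda4 ino=1904993 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:postfix_etc_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
REQUIRED = ("scontext", "tcontext", "tclass")


def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # After "for" come key=value pairs; which keys appear depends on the
    # object class (name/dev/ino for a dir, capability= for a capability).
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    if any(k not in fields for k in REQUIRED):
        return None
    src, tgt = fields["scontext"].split(":"), fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None  # assumption: contexts are user:role:type
    fields["perms"] = m.group("perms").split()
    # The type is the third part of a context and is what policy rules name.
    fields["source_type"], fields["target_type"] = src[2], tgt[2]
    return fields


def summarize(text):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in text.splitlines():
        d = parse_avc(line)
        if d:
            key = (d["source_type"], d["target_type"], d["tclass"], " ".join(d["perms"]))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perms), n in summarize(SAMPLE).items():
        print(f"{n}x {src} -> {tgt} : {cls} {{ {perms} }}")
```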




