SE Linux policy

Krzysztof Mazurczyk kmazurczyk at wskiz.poznan.pl
Mon Apr 26 10:05:41 UTC 2004


On Sat, 24/Apr/04 22:23:10, Russell Coker wrote:
> On Fri, 23 Apr 2004 06:23, Krzysztof Mazurczyk <kmazurczyk at wskiz.poznan.pl> 
> wrote:
> > I have started playing with new SE Linux. I have it already running.
> > BTW minor question: There are messages in log that /sbin/unix_verify
> > is denied to do something. System seems to work well. Because
> > /sbin/unix_verify is from libpam-modules I'm not sure what to do -
> > ignore or add some rules to policy for /sbin/unix_verify.
> 
> What access is denied?
> 
avc:  denied  { getattr } for  pid=1768 exe=/sbin/unix_verify 
path=/proc/1768/mounts dev= ino=115867664 scontext=system_u:system_r:
system_chkpwd_t tcontext=system_u:system_r:system_chkpwd_t tclass=file

avc:  denied  { use } for  pid=3608 exe=/sbin/unix_verify path=/dev/null
dev=sda2 ino=2021 scontext=system_u:system_r:system_chkpwd_t tcontext=
system_u:system_r:system_crond_t tclass=fd

avc:  denied  { read write } for  pid=1795 exe=/sbin/unix_verify
path=/dev/tty1 dev=sda2 ino=2845 scontext=system_u:system_r:
system_chkpwd_t tcontext=root:object_r:sysadm_tty_device_t tclass=
chr_file

avc:  denied  { search } for  pid=1795 exe=/sbin/unix_verify name=run
dev=sda5 ino=31172 scontext=system_u:system_r:system_chkpwd_t
tcontext=system_u:object_r:var_run_t tclass=dir

> > I can run user-mode-linux from my shell but I need to run UML when main
> > system boots. UML should generally run via nohup program in background
> > mode. My main question is how to do that.
> 
> The following is the start of what is needed for a first cut at it.  Try it 
> and let me know how it goes.
> domain_auto_trans(initrc_t, uml_exec_t, sysadm_uml_t)
>
Yes, I have found it. But then I've got 'security-compute-sid: invalid
context system_u:system_r:sysadm_uml_t for scontext=system_u:system_r:
initrc_t tcontext=system_u:object_r:uml_exec_t tclass=process'. Googling
hasn't told me what to do.

Regards,
Chris
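
An added example, not part of the original message or of any SELinux tool: a small Python parser that rejoins the e-mail-wrapped AVC lines quoted in the message and groups the denied permissions by source type, target type and object class, for triage before deciding whether a denial should be ignored or covered by policy. The function names are hypothetical, and the rule that a line ending in ':' or '=' was cut mid-token is an assumption that fits these four records.

```python
import re
from collections import defaultdict

# The four denials quoted in the message, with the e-mail line wrapping kept.
SAMPLE = """\
avc:  denied  { getattr } for  pid=1768 exe=/sbin/unix_verify
path=/proc/1768/mounts dev= ino=115867664 scontext=system_u:system_r:
system_chkpwd_t tcontext=system_u:system_r:system_chkpwd_t tclass=file
avc:  denied  { use } for  pid=3608 exe=/sbin/unix_verify path=/dev/null
dev=sda2 ino=2021 scontext=system_u:system_r:system_chkpwd_t tcontext=
system_u:system_r:system_crond_t tclass=fd
avc:  denied  { read write } for  pid=1795 exe=/sbin/unix_verify
path=/dev/tty1 dev=sda2 ino=2845 scontext=system_u:system_r:
system_chkpwd_t tcontext=root:object_r:sysadm_tty_device_t tclass=
chr_file
avc:  denied  { search } for  pid=1795 exe=/sbin/unix_verify name=run
dev=sda5 ino=31172 scontext=system_u:system_r:system_chkpwd_t
tcontext=system_u:object_r:var_run_t tclass=dir
"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def unwrap(record):
    """Rejoin wrapped lines; a line ending in ':' or '=' was cut mid-token."""
    joined = re.sub(r"([:=])[ \t]*\n\s*", r"\1", record)
    return " ".join(joined.split())

def parse_denials(text):
    denials = []
    for chunk in text.split("avc:")[1:]:
        m = AVC_RE.match(unwrap("avc:" + chunk))
        if not m:
            continue  # not a denial record (e.g. a "granted" message)
        f = dict(re.findall(r"(\w+)=(\S*)", m.group(2)))
        denials.append({"perms": m.group(1).split(),
                        "source": f["scontext"].split(":")[2],  # type field
                        "target": f["tcontext"].split(":")[2],
                        "tclass": f["tclass"],
                        "object": f.get("path") or f.get("name")})
    return denials

def summarize(denials):
    """Group permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return {k: sorted(v) for k, v in grouped.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(parse_denials(SAMPLE)).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```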




More information about the fedora-selinux-list mailing list