setroubleshoot problem

max maximilianbianco at gmail.com
Wed Jul 16 15:00:53 UTC 2008


Steve wrote:
> ---- max bianco <maximilianbianco at gmail.com> wrote: 
>> On Mon, Jul 14, 2008 at 8:55 AM, Steve <zephod at cfl.rr.com> wrote:
>>> I went to start setroubleshoot, Applications->System Tools->SE Linux Troubleshooter and I get this message:
>>>
>>> connection failed at /var/run/setroubleshoot/setroubleshoo_tserver. Connection refused
>>>
>>> #ls -lZ /var/run/setroubleshoot/setroubleshoot_server
>>> srw-rw-rw-  root root system_u:object_r:setroubleshoot_var_run_t /var/run/setroubleshoot/setroubleshoot_server
>>>
>> That looks right. Is it F8 or F9?
> 
> Found some more interesting AVC messages in /var/log/dmesg, This doesn't mean anything to me. Where is the best place to go to get a little more educated about what all this is supposed to mean?
> 
> Thanks,
> Steve
> 
That depends on what you already know about SELinux. I have found a lot 
of material but it's never enough for me:^) This is as good a place to 
start as any (probably better than most):

http://fedoraproject.org/wiki/SELinux

Depending on how deep you want to get you might look up the Flask 
Security Architecture. There is a PDF available, it's not very long but 
it's informative. There are also a few SELinux specific papers out there. 
I am reading SELinux by Example, it seems very complete so far and 
actually references some of the available papers throughout. As for the 
errors below I am assuming this is the first time you've seen them since 
you just installed policy.  Did you uninstall the policy at some point? 
Has the machine always, from day of install, been in permissive? Was 
this a fresh install or an upgrade? Are there any AVCs or error 
messages, related to SELinux, in the logs from before policy was installed?

> ...
> SELinux:8192 avtab hash slots allocated. Num of rules:68341
> SELinux:8192 avtab hash slots allocated. Num of rules:68341
> security:  3 users, 6 roles, 1823 types, 80 bools, 1 sens, 1024 cats
> security:  61 classes, 68341 rules
> security:  class peer not defined in policy
> security:  class capability2 not defined in policy
> security:  permission recvfrom in class node not defined in policy
> security:  permission sendto in class node not defined in policy
> security:  permission ingress in class netif not defined in policy
> security:  permission egress in class netif not defined in policy
> security:  permission setfcap in class capability not defined in policy
> security:  permission forward_in in class packet not defined in policy
> security:  permission forward_out in class packet not defined in policy
> SELinux:  Completing initialization.
> SELinux:  Setting up existing superblocks.
> SELinux: initialized (dev dm-0, type ext3), uses xattr
> SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
> SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
> SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts
> SELinux: initialized (dev devpts, type devpts), uses transition SIDs
> SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
> SELinux: initialized (dev anon_inodefs, type anon_inodefs), not configured for labeling
> SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
> SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
> SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
> SELinux: initialized (dev proc, type proc), uses genfs_contexts
> SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
> SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
> SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
> SELinux: policy loaded with handle_unknown=deny
> type=1403 audit(1216200106.325:2): policy loaded auid=4294967295 ses=4294967295
> type=1400 audit(1216200107.996:3): avc:  denied  { read write } for  pid=505 comm="restorecon" path="/dev/console" dev=tmpfs ino=233 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1216200109.580:4): avc:  denied  { create } for  pid=731 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
> type=1400 audit(1216200109.594:5): avc:  denied  { getattr } for  pid=731 comm="hwclock" path="/etc/adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
> type=1400 audit(1216200109.594:6): avc:  denied  { read } for  pid=731 comm="hwclock" name="adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
> type=1400 audit(1216200109.819:7): avc:  denied  { sys_time } for  pid=731 comm="hwclock" capability=25 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability
> type=1400 audit(1216214509.907:8): avc:  denied  { write } for  pid=731 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
> type=1400 audit(1216214510.000:9): avc:  denied  { nlmsg_relay } for  pid=731 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
> type=1400 audit(1216214510.000:10): avc:  denied  { audit_write } for  pid=731 comm="hwclock" capability=29 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability
> type=1400 audit(1216214510.000:11): avc:  denied  { read } for  pid=731 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
> ...
> 
> 


-- 
Fortune favors the BOLD
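The `type=1400 ... avc: denied` lines quoted in the thread are the records setroubleshoot would normally explain. As an added example (not part of the thread, and not setroubleshoot's own code), the script below parses such AVC records out of a dmesg excerpt and tallies denials by source type, target type and object class, which are the three things a policy rule keys on. The sample text is copied from the dmesg lines quoted above; the function names `parse_avc`, `parse_dmesg` and `summarize` are this example's own.

```python
import re
from collections import Counter

# Sample input: AVC lines copied from the dmesg excerpt quoted in the thread.
SAMPLE_DMESG = """\
type=1403 audit(1216200106.325:2): policy loaded auid=4294967295 ses=4294967295
type=1400 audit(1216200107.996:3): avc:  denied  { read write } for  pid=505 comm="restorecon" path="/dev/console" dev=tmpfs ino=233 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1216200109.580:4): avc:  denied  { create } for  pid=731 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
type=1400 audit(1216200109.819:7): avc:  denied  { sys_time } for  pid=731 comm="hwclock" capability=25 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability
"""

# Header of an AVC record: type=1400, audit(<epoch>:<serial>), verdict, { perms }, then key=value pairs.
AVC_RE = re.compile(
    r'type=1400 audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)'
)
# key=value pairs; values are either double-quoted (comm, path, name) or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC record; return None for lines that are not type=1400 AVC records."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec = {
        'timestamp': float(m.group('ts')),
        'serial': int(m.group('serial')),
        'verdict': m.group('verdict'),
        'perms': m.group('perms').split(),
        'pid': int(fields['pid']) if 'pid' in fields else None,
        'comm': fields.get('comm'),
        'scontext': fields.get('scontext'),
        'tcontext': fields.get('tcontext'),
        'tclass': fields.get('tclass'),
    }
    # A context is user:role:type[:range]; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2] if rec['scontext'] else None
    rec['ttype'] = rec['tcontext'].split(':')[2] if rec['tcontext'] else None
    return rec


def parse_dmesg(text):
    """Return all AVC records found in a block of dmesg/audit text, in order."""
    return [r for r in (parse_avc(ln) for ln in text.splitlines()) if r]


def summarize(records):
    """Count denied permissions per (source type, target type, class) triple."""
    counts = Counter()
    for r in records:
        if r['verdict'] == 'denied':
            counts[(r['stype'], r['ttype'], r['tclass'])] += len(r['perms'])
    return counts


if __name__ == '__main__':
    recs = parse_dmesg(SAMPLE_DMESG)
    for (stype, ttype, tclass), n in sorted(summarize(recs).items()):
        print(f'{stype:12} -> {ttype:12} {tclass:22} {n} denied permission(s)')
```

Grouping by the (source type, target type, class) triple is what makes a list of denials readable: the seven hwclock lines in the thread collapse to two triples (udev_t on udev_t for netlink_audit_socket and for capability), which is the granularity at which you would check whether the loaded policy is simply out of date relative to the kernel, as the "not defined in policy" lines earlier in the same dmesg suggest.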