FC3 Strict Policy
Jeremy Utley
lfsjeremy at gmail.com
Fri May 27 22:42:41 UTC 2005
Hello Everyone!
I'm trying my first foray into experimenting with SELinux, and am
failing before I even get very far. I've installed Fedora Core 3 and
have enabled the SELinux strict policy. The only way I can log into
the system now is if I put the system into permissive mode. Here's
the denied errors I'm getting:
May 27 15:15:18 localhost kernel: audit(1117232118.583:0): avc:
denied { getattr } for pid=4380 exe=/sbin/unix_chkpwd
path=/var/run/winbindd dev=sda1 ino=1653914
scontext=system_u:system_r:system_chkpwd_t
tcontext=system_u:object_r:var_run_t tclass=dir
May 27 15:15:18 localhost kernel: audit(1117232118.586:0): avc: denied { read
write } for pid=4381 exe=/sbin/unix_chkpwd name=tty2 dev=tmpfs
ino=2025 scontext=system_u:system_r:system_chkpwd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
May 27 15:15:18 localhost kernel: audit(1117232118.589:0): avc:
denied { getattr } for pid=4291 exe=/bin/login
path=/var/run/winbindd dev=sda1 ino=1653914
scontext=system_u:system_r:local_login_t
tcontext=system_u:object_r:var_run_t tclass=dir
May 27 15:15:18 localhost kernel: audit(1117232118.590:0): avc:
denied { getattr } for pid=4291 exe=/bin/login path=/root dev=sda1
ino=1864129 scontext=system_u:system_r:local_login_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
The system is fully up to date via yum. I realize some problems can
be expected when using the strict policy as opposed to targeted - but
I can't believe the strict policy would ship in a configuration that
prevents logging into the system.
Anyone got any suggestions - I can't believe I'm the only person who's
faced this, but I did a lot of searching online and couldn't find
anything.
Jeremy
More information about the fedora-selinux-list
mailing list