mrtg selinux denials in default configuration
David Timms
dtimms at iinet.net.au
Tue Apr 15 12:51:19 UTC 2008
Daniel J Walsh wrote:
> # semanage user -l
> # semanage login -l
#assume DJW_REQUESTING_RESULT:
# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Lvl MCS Range
SELinux Roles
root user s0 SystemLow-SystemHigh
system_r staff_r unconfined_r sysadm_r
staff_u user s0 SystemLow-SystemHigh
system_r staff_r sysadm_r
sysadm_u user s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
unconfined_u unconfined s0 SystemLow-SystemHigh
system_r unconfined_r
user_u user s0 s0 user_r
# semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u SystemLow-SystemHigh
root unconfined_u SystemLow-SystemHigh
system_u system_u SystemLow-SystemHigh
As an aside, I erased mrtg yesterday - mo more mrtg denials.
Reinstalled mrtg just now, mrtg denials every five minutes. It is also
possible that when originally installed under F8, that I attempted to
configure it, but I can't find any evidence of that in /etc ...etc. My
other machine doesn't popup the denials with a default install, so I
expect there must be some invalid or selinux not configured to match
service requirements.
===
Actually running same -l on another f9beta notebook:
# semanage user -l {has the ones above plus:}
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range
SELinux Roles
guest_u guest s0 s0 guest_r
xguest_u xguest s0 s0
xguest_r
# semanage login -l {same 3 items, except the selinux user for root is
different}.
Login Name SELinux User MLS/MCS Range
root root SystemLow-SystemHigh
Given autorelabel doesn't seem to solve it, is it worth {possible} to
rpm -e the targeted policy, then reinstall it - or am I barking up the
wrong tree ?
=====
DaveT.
More information about the fedora-selinux-list
mailing list