SE Linux Questions

Jason Montleon monty19 at hotmail.com
Tue Apr 13 15:48:08 UTC 2004


First off I profess total newbie when it comes to SE Linux, I've been 
reading SE Linux and SE Linux Policy HOWTOs and FAQs for the last couple 
days and my head is spinning, so bear with me.

I have my system running in runlevel 3, which is how I prefer.
When I log in with my account on my system I get the following:

Your default context is user_u:sysadm_r:sysadm_t.

Do you want to choose a different one? [n]

I choose no and move on, fair enough.  However, if I try to run startx I get 
the following:
Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc:  denied  { search } for  pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186 scontext=user_u:sysadm_r:sysadm_xauth_t tcontext=system_u:object_r:user_home_dir_t tclass=dir


So I logged out (newrole doesn't seem to be playing nice but that could be 
a matter of PEBCAK)
and back in, this time selecting user_u:user_r:user_t.
Now I can run startx but when I try to run the system-control-network 
program, I just get tons of these messages on the screen if I hit 
Ctrl-Alt-F[1-6]:
Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc:  denied  { setuid } for  pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc:  denied  { setuid } for  pid=1237 exe=/usr/sbin/usernetctl capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability

Using su to log in as me again I choose user_u:sysadm_r:sysadm_t in a 
gnome-terminal or xterm or whatever, and now when I run 
system-control-network from that terminal it runs as expected (as a 
user, which I have by the way configured users to be able to 
activate/deactivate the network interface).

Also I originally had sendmail installed and did 'rpm -e --nodeps sendmail' 
then 'yum install postfix'. Now when postfix starts at system boot up it is 
giving this error message:
Apr 13 10:27:24 fc2 kernel: audit(1081866443.844:0): avc:  denied  { write } for  pid=1356 exe=/usr/sbin/postalias name=postfix dev=hda4 ino=1904993 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:postfix_etc_t tclass=dir

I'm not asking how to fix all this per se; when my head stops swimming in 
info and sorts it out I'll manage that, but how much of this is bad/unsorted 
out default policy problems that need to be told to the proper 
person/bugzilla'd and how much is just getting used to the ways of SE Linux?

This is with all RPMs updated as of 30 minutes or so ago...

Thanks,
Jason
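
As an added example (not part of the original post), the Python below parses the AVC denials quoted in the message and groups them by source type, target type and object class, rendering each group as the allow rule it corresponds to, similar to the summary audit2allow gives. The function names are assumptions of this example, and the rules are output for review against what the policy intends (for instance, user_t being refused setuid), not for loading as-is.

```python
import re
from collections import defaultdict

# Sample input: the four denials quoted in the post, unwrapped to one per line.
SAMPLE_LOG = """\
Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc:  denied  { search } for  pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186 scontext=user_u:sysadm_r:sysadm_xauth_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc:  denied  { setuid } for  pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc:  denied  { setuid } for  pid=1237 exe=/usr/sbin/usernetctl capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 10:27:24 fc2 kernel: audit(1081866443.844:0): avc:  denied  { write } for  pid=1356 exe=/usr/sbin/postalias name=postfix dev=hda4 ino=1904993 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:postfix_etc_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a usable AVC denial.

    A context is user:role:type; policy rules are written on the type (third field).
    """
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        return {"perms": m.group(1).split(), "source": source, "target": target,
                "tclass": fields["tclass"], "exe": fields.get("exe", "?")}
    except (KeyError, IndexError):
        return None

def summarize(log_text):
    """Map (source type, target type, class) -> (denied perms, executables seen)."""
    groups = defaultdict(lambda: (set(), set()))
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            perms, exes = groups[(d["source"], d["target"], d["tclass"])]
            perms.update(d["perms"])
            exes.add(d["exe"])
    return groups

def candidate_rules(log_text):
    """Render each group as the allow rule that would silence it, for review only."""
    rules = []
    for (src, tgt, cls), (perms, _) in sorted(summarize(log_text).items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {'self' if tgt == src else tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```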

More information about the fedora-test-list mailing list