SE Linux Questions
Jason Montleon
monty19 at hotmail.com
Tue Apr 13 15:48:08 UTC 2004
First off, I profess total newbie when it comes to SE Linux. I've been
reading SE Linux and SE Linux Policy HOWTOs and FAQs for the last couple
days and my head is spinning, so bear with me.
I have my system running in runlevel 3, which is how I prefer.
When I log in with my account on my system I get the following:
Your default context is user_u:sysadm_r:sysadm_t.
Do you want to choose a different one? [n]
I choose no and move on, fair enough. However, if I try to run startx I get
the following:
Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc: denied { search } for pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186 scontext=user_u:sysadm_r:sysadm_xauth_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
So I logged out (newrole doesn't seem to be playing nice, but that could be
a matter of PEBCAK)
and back in, this time selecting user_u:user_r:user:t
Now I can run startx but when I try to run the system-control-network
program, I just get tons of these messages on the screen if I hit
Ctrl-Alt-F[1-6]:
Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc: denied { setuid } for pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc: denied { setuid } for pid=1237 exe=/usr/sbin/usernetctl capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
Using su to log in as me again, I choose user_u:sysadm_r:sysadm_t in a
gnome-terminal or xterm or whatever, and now when I run
system-control-network from that terminal it runs as expected (as a
user; I have, by the way, configured users to be able to
activate/deactivate the network interface).
Also, I originally had sendmail installed and did 'rpm -e --nodeps sendmail'
then 'yum install postfix'. Now when postfix starts at system boot up it is
giving this error message:
Apr 13 10:27:24 fc2 kernel: audit(1081866443.844:0): avc: denied { write } for pid=1356 exe=/usr/sbin/postalias name=postfix dev=hda4 ino=1904993 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:postfix_etc_t tclass=dir
I'm not asking how to fix all this per se; when my head stops swimming in
info and sorts it out I'll manage that, but how much of this is bad/unsorted
out default policy problems that need to be told to the proper
person/bugzilla'd and how much is just getting used to the ways of SE Linux?
This is with all RPMs updated as of 30 minutes or so ago...
Thanks,
Jason
More information about the fedora-test-list
mailing list
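
The denials quoted in the message above can be triaged by grouping them on source type, target type and object class, which shows how many distinct policy questions sit behind the repeated log lines. The following Python is an added example, not part of the original post or of any SELinux tool; the names `parse_denials` and `summarize` are hypothetical, and it assumes the kernel `audit(...): avc: denied` syslog format shown in the message.

```python
import re
from collections import defaultdict

# Denials copied from the message above, hard-wrapped as the archive shows them.
SAMPLE = """\
Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc: denied { search
} for pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186
scontext=user_u:sysadm_r:sysadm_xauth_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc: denied { setuid
} for pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc: denied { setuid
} for pid=1237 exe=/usr/sbin/usernetctl capability=7
scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t
tclass=capability
Apr 13 10:27:24 fc2 kernel: audit(1081866443.844:0): avc: denied { write }
for pid=1356 exe=/usr/sbin/postalias name=postfix dev=hda4 ino=1904993
scontext=system_u:system_r:postfix_master_t
tcontext=system_u:object_r:postfix_etc_t tclass=dir
"""

AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_denials(text):
    """Return one dict per AVC denial, tolerating records wrapped over lines."""
    flat = " ".join(text.split())                    # undo mail hard-wrapping
    records = []
    for chunk in re.split(r"(?=\baudit\()", flat):   # one chunk per audit record
        m = AVC.search(chunk)
        f = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv) if m else {}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue                                 # not a denial, or truncated
        records.append({"perms": m.group(1).split(), "exe": f.get("exe", "?"),
                        "stype": f["scontext"].split(":")[2],   # user:role:type
                        "ttype": f["tcontext"].split(":")[2], "tclass": f["tclass"]})
    return records

def summarize(records):
    """Group denials by (source type, target type, class) for triage."""
    groups = defaultdict(lambda: {"perms": set(), "exes": set()})
    for r in records:
        key = (r["stype"], r["ttype"], r["tclass"])
        groups[key]["perms"].update(r["perms"])
        groups[key]["exes"].add(r["exe"])
    return dict(groups)

if __name__ == "__main__":
    for (s, t, c), g in sorted(summarize(parse_denials(SAMPLE)).items()):
        print(f"{s} -> {t} : {c} {sorted(g['perms'])} via {sorted(g['exes'])}")
```

Run on the quoted log lines, the four records collapse into three groups, with both `setuid` capability denials in `user_t` landing in one group.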