Hi,
I followed the steps on
http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml?part=2
to convert an existing system to SELinux and also have gone through the
"Troubleshooting SELinux" section of the handbook but with no success.
I use the "selinux/2005.1/x86" profile, kernel "2.6.14-hardened-r5",
policy version 20, XFS as root filesystem, udev.
I re-emerged all packages of the whole system, relabeled the whole
filesystem, restorecon /dev, did a "rlpkg" of sysvinit, bash, glibc,
pam, openssh, coreutils and many others, but nothing helps.
According to the troubleshooting section in the handbook everything
looks fine, all the suggested commands work without warnings or errors,
all security labels are set as shown, but things still do not work.
For example I can do the following:
cd /etc/security/selinux/src/policy
make clean
make install
make load
ls
and as a result I get the following syslog message:
==> /var/log/kern.log <==
Mar 18 12:36:47 server audit(1142681807.921:440): avc: denied { getattr } for pid=24263 comm="ls" name="COPYING" dev=sda2 ino=234881155 scontext=root:staff_r:staff_t tcontext=system_u:object_r:named_zone_t tclass=dir
[...]
And of course hundreds more, once from every command I call, even init
and bash are denied - so I can only boot up the machine in permissive mode.
Here is what "sestatus" shows:
----------------------------------
SELinux status:         enabled
SELinuxfs mount:        /selinux
Current mode:           permissive
Policy version:         20
Policy booleans:
secure_mode             inactive
ssh_sysadm_login        inactive
user_ping               inactive
----------------------------------
Any ideas what goes wrong?
Did I miss something?
thanks,
Thomas
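Added example, not part of the original message: with hundreds of denials in kern.log, tallying them by source type and target type shows which labels account for most of them. The function names are illustrative, and the sample log holds the denial quoted above (re-joined onto one line) plus two constructed lines in the same format.

```python
import re
from collections import Counter

# Constructed sample: the first line is the denial quoted in the message,
# the other two are invented lines in the same format.
SAMPLE_LOG = """\
Mar 18 12:36:47 server audit(1142681807.921:440): avc: denied { getattr } for pid=24263 comm="ls" name="COPYING" dev=sda2 ino=234881155 scontext=root:staff_r:staff_t tcontext=system_u:object_r:named_zone_t tclass=dir
Mar 18 12:36:48 server audit(1142681808.002:441): avc: denied { read write } for pid=24270 comm="bash" name="tty1" dev=tmpfs ino=1201 scontext=root:staff_r:staff_t tcontext=system_u:object_r:device_t tclass=chr_file
Mar 18 12:36:49 server audit(1142681809.100:442): avc: denied { getattr } for pid=24271 comm="ls" name="Makefile" dev=sda2 ino=234881160 scontext=root:staff_r:staff_t tcontext=system_u:object_r:named_zone_t tclass=file
"""

# "avc: denied { perm ... } for key=value ..." as it appears in the kernel log
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the denial's fields, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    return rec

def context_type(context):
    """Extract the type field from a user:role:type[:level] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Count denials per (source type, target type) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or 'scontext' not in rec or 'tcontext' not in rec:
            continue  # not a denial, or a truncated record
        counts[(context_type(rec['scontext']), context_type(rec['tcontext']))] += 1
    return counts

if __name__ == "__main__":
    for (source, target), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {source} -> {target}")
```

A target type that dominates the tally while sitting on files that should not carry it points at labeling rather than at missing policy rules.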