Michael C Thompson wrote:
> Michael C Thompson wrote:
> 
>> Steve Grubb wrote:
>>
>>> Hi,
>>>
>>> The lspp.57 kernel has been published to the lspp yum repo at:
>>> http://people.redhat.com/sgrubb/files/lspp
>>>
>>> - audit xfrm config changes
>>>
>>> - allow polyinstantiation rules where the type is the same (useful
>>> for MLS level only poly)
>>>
>>> Please let me know if there are any problems with this kernel.
>>
>>
>> Has anyone had success on ppc64 ? It looks like the initrd is
>> mis-compiled or something... here is what I am getting...
> 
> 
> OK, so I managed to get this to work. However, I need to setenforce 0
> first. This is with the selinux-policy-2.4.6-9.fc7 set of packages. I
> upgraded prior to the LSPP call.
> 
> There seems to be some difference in doing the rpm -ivh kernel.rpm in
> permissive mode, and run_init rpm -ivh kernel.rpm as secadm_r, but I
> have no idea what...

I wouldn't have expected it to work from run_init because run_init is
for running init scripts.  I wouldn't have necessarily expected it to
run as secadm_r but I would expect it to work as sysadm_r.  However, it
doesn't.  I don't think it ever has.

I tried it as sysadm_r systemhigh and got an error from mkinitrd, which
I have since lost, but I also got a lot of avc denies (attached).

I removed the rpm and tried it again as sysadm_r systemlow-systemhigh and
ended up with fewer avcs (attached) but an unbootable system.

Unable to access resume device (/dev/VolGroup00/LogVol01)
mount: could not find filesystem '/dev/root'
setuproot: moving /dev failed: No such file or directory
setuproot: error mounting /proc: No such file or directory
setuproot: error mounting /sys: No such file or directory
switchroot: mount failed: No such file or directory
Kernel panic - not syncing: Attempted to kill init!


-- ljk

> 
> I am getting a:
> ybin: /dev/hsa1: Permission denied
> message during the install, my guess is post-install phase problems?
> 
> Attached is the audit.log from the install process during enforcing mode.
> 
> Thanks,
> Mike

type=USER_ROLE_CHANGE msg=audit(1165941935.982:1290): user pid=25489 uid=0 
auid=500 subj=staff_u:sysadm_r:newrole_t:s15:c0.c1023 msg='newrole: 
old-context=staff_u:sysadm_r:sysadm_t:SystemHigh 
new-context=staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh: 
exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=/dev/pts/0 res=success)'
type=AVC msg=audit(1165942010.092:1291): avc:  denied  { read write } for  
pid=25551 comm="depmod" name="0" dev=devpts ino=2 
scontext=staff_u:sysadm_r:depmod_t:s0-s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1165942010.092:1291): avc:  denied  { read write } for  
pid=25551 comm="depmod" name="0" dev=devpts ino=2 
scontext=staff_u:sysadm_r:depmod_t:s0-s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1165942010.092:1291): avc:  denied  { read write } for  
pid=25551 comm="depmod" name="0" dev=devpts ino=2 
scontext=staff_u:sysadm_r:depmod_t:s0-s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1165942010.092:1291): arch=c000003e syscall=59 
success=yes exit=0 a0=8dc950 a1=8c3e70 a2=8c8730 a3=8 items=0 ppid=25543 
pid=25551 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="depmod" exe="/sbin/depmod" 
subj=staff_u:sysadm_r:depmod_t:s0-s15:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1165942010.092:1291):  path="/dev/pts/0"
type=AVC_PATH msg=audit(1165942010.092:1291):  path="/dev/pts/0"
type=AVC msg=audit(1165941893.450:1274): avc:  denied  { read write } for  
pid=25067 comm="depmod" name="0" dev=devpts ino=2 
scontext=staff_u:sysadm_r:depmod_t:s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s15:c0.c1023 tclass=chr_file
type=AVC msg=audit(1165941893.450:1274): avc:  denied  { read write } for  
pid=25067 comm="depmod" name="0" dev=devpts ino=2 
scontext=staff_u:sysadm_r:depmod_t:s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s15:c0.c1023 tclass=chr_file
type=AVC msg=audit(1165941893.450:1274): avc:  denied  { read write } for  
pid=25067 comm="depmod" name="0" dev=devpts ino=2 
scontext=staff_u:sysadm_r:depmod_t:s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s15:c0.c1023 tclass=chr_file
type=SYSCALL msg=audit(1165941893.450:1274): arch=c000003e syscall=59 
success=yes exit=0 a0=8dc950 a1=8c3e70 a2=8c8730 a3=8 items=0 ppid=25059 
pid=25067 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="depmod" exe="/sbin/depmod" 
subj=staff_u:sysadm_r:depmod_t:s15:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1165941893.450:1274):  path="/dev/pts/0"
type=AVC_PATH msg=audit(1165941893.450:1274):  path="/dev/pts/0"
type=AVC msg=audit(1165941893.968:1275): avc:  denied  { write } for  pid=25067 
comm="depmod" name="2.6.18-1.2840.2.1.el5.lspp.57" dev=dm-0 ino=3375615 
scontext=staff_u:sysadm_r:depmod_t:s15:c0.c1023 
tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
type=SYSCALL msg=audit(1165941893.968:1275): arch=c000003e syscall=2 success=no 
exit=-13 a0=7fffebb49d90 a1=241 a2=1b6 a3=241 items=0 ppid=25059 pid=25067 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
comm="depmod" exe="/sbin/depmod" subj=staff_u:sysadm_r:depmod_t:s15:c0.c1023 
key=(null)
type=AVC msg=audit(1165941894.999:1276): avc:  denied  { write } for  pid=25198 
comm="lvm.static" name="lvm" dev=dm-0 ino=32538723 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1165941894.999:1276): arch=c000003e syscall=21 
success=no exit=-13 a0=7a0ac0 a1=7 a2=0 a3=0 items=0 ppid=25197 pid=25198 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="lvm.static" exe="/sbin/lvm.static" 
subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941894.999:1277): avc:  denied  { write } for  pid=25198 
comm="lvm.static" name="lvm" dev=dm-0 ino=32538723 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1165941894.999:1277): arch=c000003e syscall=2 success=no 
exit=-13 a0=7fff51ff5fb0 a1=442 a2=1ff a3=7ccdb0 items=0 ppid=25197 pid=25198 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="lvm.static" exe="/sbin/lvm.static" 
subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941895.009:1278): avc:  denied  { write } for  pid=25198 
comm="lvm.static" name=".cache" dev=dm-0 ino=25723788 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_metadata_t:s0 tclass=file
type=SYSCALL msg=audit(1165941895.009:1278): arch=c000003e syscall=2 success=no 
exit=-13 a0=7cc170 a1=241 a2=1b6 a3=241 items=0 ppid=25197 pid=25198 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="lvm.static" exe="/sbin/lvm.static" 
subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941895.026:1279): avc:  denied  { write } for  pid=25205 
comm="lvm.static" name="lvm" dev=dm-0 ino=32538723 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1165941895.026:1279): arch=c000003e syscall=21 
success=no exit=-13 a0=7a0ac0 a1=7 a2=0 a3=0 items=0 ppid=25204 pid=25205 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="lvm.static" exe="/sbin/lvm.static" 
subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941895.026:1280): avc:  denied  { write } for  pid=25205 
comm="lvm.static" name="lvm" dev=dm-0 ino=32538723 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1165941895.026:1280): arch=c000003e syscall=2 success=no 
exit=-13 a0=7fff5b828a40 a1=442 a2=1ff a3=7ccdb0 items=0 ppid=25204 pid=25205 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="lvm.static" exe="/sbin/lvm.static" 
subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941895.026:1281): avc:  denied  { write } for  pid=25205 
comm="lvm.static" name=".cache" dev=dm-0 ino=25723788 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_metadata_t:s0 tclass=file
type=SYSCALL msg=audit(1165941895.026:1281): arch=c000003e syscall=2 success=no 
exit=-13 a0=7cc170 a1=241 a2=1b6 a3=241 items=0 ppid=25204 pid=25205 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="lvm.static" exe="/sbin/lvm.static" 
subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941895.456:1282): avc:  denied  { write } for  pid=25336 
comm="dmsetup" name="control" dev=tmpfs ino=1011 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1165941895.456:1282): arch=c000003e syscall=2 success=no 
exit=-13 a0=7fff9231a460 a1=2 a2=0 a3=0 items=0 ppid=25335 pid=25336 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="dmsetup" 
exe="/sbin/dmsetup" subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941895.460:1283): avc:  denied  { write } for  pid=25338 
comm="dmsetup" name="control" dev=tmpfs ino=1011 
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023 
tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1165941895.460:1283): arch=c000003e syscall=2 success=no 
exit=-13 a0=7fff3ccb4420 a1=2 a2=0 a3=0 items=0 ppid=25337 pid=25338 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="dmsetup" 
exe="/sbin/dmsetup" subj=staff_u:sysadm_r:lvm_t:s15:c0.c1023 key=(null)
type=AVC msg=audit(1165941896.080:1284): avc:  denied  { write } for  pid=25460 
comm="mkinitrd" name="/" dev=cciss/c0d0p1 ino=2 
scontext=staff_u:sysadm_r:bootloader_t:s15:c0.c1023 
tcontext=system_u:object_r:boot_t:s0 tclass=dir
type=SYSCALL msg=audit(1165941896.080:1284): arch=c000003e syscall=2 success=no 
exit=-13 a0=91c410 a1=241 a2=1b6 a3=6f items=0 ppid=25068 pid=25460 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 
comm="mkinitrd" exe="/bin/bash" subj=staff_u:sysadm_r:bootloader_t:s15:c0.c1023 
key=(null)
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
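
A small triage helper for the attached log, added here as an example and not part of the original message: it re-joins the mail-wrapped audit records, collapses AVC records repeated within one audit event, and counts denials by command, source type, target type, class, permission and the low sensitivity of each context. The function names are made up for this example and the sample records are copied from the log above; the level comparison is only a triage hint, since an AVC record does not say whether a type rule or an MLS constraint caused the denial.

```python
import re
from collections import Counter

# Sample input: records copied from the log above, still wrapped as the mail client left them.
SAMPLE = '''type=AVC msg=audit(1165941893.450:1274): avc:  denied  { read write } for
pid=25067 comm="depmod" name="0" dev=devpts ino=2
scontext=staff_u:sysadm_r:depmod_t:s15:c0.c1023
tcontext=staff_u:object_r:sysadm_devpts_t:s15:c0.c1023 tclass=chr_file
type=AVC msg=audit(1165941893.450:1274): avc:  denied  { read write } for
pid=25067 comm="depmod" name="0" dev=devpts ino=2
scontext=staff_u:sysadm_r:depmod_t:s15:c0.c1023
tcontext=staff_u:object_r:sysadm_devpts_t:s15:c0.c1023 tclass=chr_file
type=AVC msg=audit(1165941894.999:1276): avc:  denied  { write } for  pid=25198
comm="lvm.static" name="lvm" dev=dm-0 ino=32538723
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023
tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
type=AVC msg=audit(1165941894.999:1277): avc:  denied  { write } for  pid=25198
comm="lvm.static" name="lvm" dev=dm-0 ino=32538723
scontext=staff_u:sysadm_r:lvm_t:s15:c0.c1023
tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
'''

AVC_RE = re.compile(
    r'audit\((?P<serial>[^)]+)\): avc:\s+denied\s+\{ (?P<perms>[^}]+?) \} for\s.*?'
    r'comm="(?P<comm>[^"]+)".*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def unwrap(text):
    """Re-join wrapped records: a new record begins with 'type=', anything else continues."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def low_level(ctx):
    """Low sensitivity of user:role:type:level, e.g. 's0-s15:c0.c1023' -> 's0'."""
    return ctx.split(":", 3)[3].split("-", 1)[0].split(":", 1)[0]

def summarize(text):
    """Count distinct audit events per (comm, source type, target type, class, perms, levels)."""
    events = set()  # the set drops AVC records repeated under one timestamp:serial
    for rec in unwrap(text):
        m = AVC_RE.search(rec)
        if m:
            events.add((m["serial"], m["comm"], m["s"].split(":")[2], m["t"].split(":")[2],
                        m["cls"], m["perms"], low_level(m["s"]) + "->" + low_level(m["t"])))
    return Counter(e[1:] for e in events)
```

Running `summarize` separately on the log from each install attempt gives two counters that can be compared to see which denials went away when the range changed.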
