06-16-2008, 02:40 PM
Stephen Smalley

Fwd: :- Problem for mapping between the Linux user to SELinux user for fedora 8

On Sun, 2008-06-15 at 22:06 +0530, prakash hallalli wrote:
> Hi...
>
> Now I am trying to configure RBAC using MLS (Multilevel Security)
> policy for Fedora 8.
> Because I have read Dan Walsh's journal; he said MLS policy is more
> useful for RBAC.

Again, to clarify, you don't have to use MLS policy if all you want is
roles. And Fedora 9 is the latest release of Fedora.

> http://danwalsh.livejournal.com/?skip=40
> Using RBAC In FC5/MLS Policy
>
> So I am using MLS policy for RBAC. Here I have installed the MLS packages
> and changed the targeted policy to the MLS policy.
> Then I configured the roles for users, but I couldn't set the
> roles because when I set the roles it displays an error
> message.
>
> Steps to reproduce:
>
> 1) Adding the SELinux audit user using the semanage command.
>
> # semanage user -a -R staff_r -R auditadm_r -P staff audit_u
>
> 2) Here I am checking the SELinux user.
>
> [root@turtle2 ~]# semanage user -l
>
> Labeling MLS/ MLS/
> SELinux User Prefix MCS Level MCS Range
> SELinux Roles
>
> audit_u staff SystemLow SystemLow
> staff_r auditadm_r
> root sysadm SystemLow SystemLow:SystemLow-SystemHigh
> system_r sysadm_r staff_r secadm_r auditadm_r
> staff_u staff SystemLow SystemLow:SystemLow-SystemHigh
> sysadm_r staff_r secadm_r auditadm_r
> sysadm_u sysadm SystemLow SystemLow:SystemLow-SystemHigh
> sysadm_r
> system_u user SystemLow SystemLow:SystemLow-SystemHigh
> system_r
> user_u user SystemLow SystemLow
> system_r user_r
> [root@turtle2 ~]#
>
> 3) Now I am setting the Linux user to the SELinux user; when I set
> the SELinux user it throws the following error message.
>
> [root@turtle2 ~]# semanage login -a -s audit -r SystemLow-SystemHigh
> prakash
> libsemanage.validate_handler: selinux user audit does not exist No
> such file or directory.
> libsemanage.validate_handler: seuser mapping [prakash -> (audit,
> s0-s15:c0.c1023)] is invalid No such file or directory.
> libsemanage.dbase_llist_iterate: could not iterate over records No
> such file or directory.
> /usr/sbin/semanage: Could not add login mapping for prakash
> [root@turtle2 ~]#

You typed "audit" rather than "audit_u" above. Looks like a typo in the
blog.

>
> 4) I am using sysadm_r root information as follows
>
> [root@turtle2 ~]# id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> context=root:sysadm_r:sysadm_t:SystemLow:SystemLow-SystemHigh
> [root@turtle2 ~]#
>
> 5) These are the audit log messages I am getting using the ausearch command.
>
> [root@turtle2 ~]# ausearch -i -m AVC -sv no
> type=SYSCALL msg=audit(06/02/2008 22:09:05.165:6877768) : arch=i386
> syscall=read success=no exit=-13(Permission denied) a0=3 a1=9098808
> a2=400 a3=400 items=0 ppid=1 pid=2060 auid=unset uid=root gid=root
> euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
> tty=(none) comm=gam_server exe=/usr/libexec/gam_server
> subj=system_u:system_r:rpm_t:s0-s15:c0.c1023 key=(null)
> type=AVC msg=audit(06/02/2008 22:09:05.165:6877768) : avc: denied
> { read } for pid=2060 comm=gam_server path=inotify dev=inotifyfs
> ino=1 scontext=system_u:system_r:rpm_t:s0-s15:c0.c1023
> tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
>
> I don't know why it's throwing this error. I have searched Google
> but I couldn't find anything.
>
> Please help me with what I should do.
>
> Thanks,
> Prakash
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen Smalley
National Security Agency
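
An added example, not part of the original message: a pre-flight check that the name passed to `semanage login -s` is a defined SELinux user, which catches the `audit` versus `audit_u` mismatch before libsemanage rejects the mapping. The function names and the sample listing (the thread's `semanage user -l` output, unwrapped to one record per line) are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample: rows taken from the `semanage user -l` output quoted in
# the thread, unwrapped so each SELinux user is one line.
SAMPLE_USERS='
                Labeling  MLS/       MLS/
SELinux User    Prefix    MCS Level  MCS Range                       SELinux Roles

audit_u         staff     SystemLow  SystemLow                       staff_r auditadm_r
root            sysadm    SystemLow  SystemLow:SystemLow-SystemHigh  system_r sysadm_r staff_r secadm_r auditadm_r
staff_u         staff     SystemLow  SystemLow:SystemLow-SystemHigh  sysadm_r staff_r secadm_r auditadm_r
user_u          user      SystemLow  SystemLow                       system_r user_r
'

# list_seusers (hypothetical helper): read a `semanage user -l` listing on
# stdin and print the SELinux user names. Record lines have at least five
# columns; the two header lines are skipped.
list_seusers() {
    awk 'NF >= 5 && $1 != "SELinux" { print $1 }'
}

# check_seuser NAME (hypothetical helper): read the listing on stdin.
# Returns 0 if NAME is an exact match for a defined SELinux user. Otherwise
# prints defined users that start with NAME as hints and returns 1.
check_seuser() {
    name=$1
    users=$(list_seusers)
    if printf '%s\n' "$users" | grep -Fxq -- "$name"; then
        return 0
    fi
    printf '%s\n' "$users" |
        awk -v n="$name" 'index($0, n) == 1 { print "did you mean: " $0 }'
    return 1
}

# Demo on the constructed sample: "audit" is not defined, "audit_u" is.
printf '%s\n' "$SAMPLE_USERS" | check_seuser audit ||
    echo "not adding login mapping: SELinux user 'audit' is not defined"

# On a live system the same gate would wrap the real command:
#   semanage user -l | check_seuser audit_u &&
#       semanage login -a -s audit_u prakash
```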
