FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 01-18-2008, 06:51 AM
 
Default 2.6.24-rc8-mm1 and SELinux MLS - not playing nice....

Posting to both lists because I'm not sure who's at fault here....

System is a Dell Latitude D820, x86_64 kernel, userspace is basically
Fedora Rawhide as of earlier today, in particular selinux-policy-mls-3.2.5-12.fc9

Trying to boot a 2.6.24-rc8-mm1 kernel gets me these msgs:

security: 5 users, 8 roles, 2043 types, 102 bools, 16 sens, 1024 cats
security: 67 classes, 164754 rules
security: class peer not defined in policy
security: permission recvfrom in class node not defined in policy
security: permission sendto in class node not defined in policy
security: permission ingress in class netif not defined in policy
security: permission egress in class netif not defined in policy
security: permission forward_in in class packet not found in policy, bad policy
security: the definition of a class is incorrect

2.6.24-rc6-mm1 said this instead:

security: class peer not defined in policy
security: permission recvfrom in class node not defined in policy
security: permission sendto in class node not defined in policy
security: permission ingress in class netif not defined in policy
security: permission egress in class netif not defined in policy
SELinux: policy loaded with handle_unknown=deny

and then proceeded to work OK.

(I suspect this may be the same thing Andrew Morton hit, but I can't be sure).

Anybody got hints on how to move forward? Or is a fixed policy already in the
Rawhide pipe?

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-18-2008, 08:17 AM
James Morris
 
Default 2.6.24-rc8-mm1 and SELinux MLS - not playing nice....

On Fri, 18 Jan 2008, Valdis.Kletnieks@vt.edu wrote:

> Posting to both lists because I'm not sure who's at fault here....
>
> System is a Dell Latitude D820, x86_64 kernel, userspace is basically
> Fedora Rawhide as of earlier today, in particular selinux-policy-mls-3.2.5-12.fc9
>
> Trying to boot a 2.6.24-rc8-mm1 kernel gets me these msgs:
>
> security: 5 users, 8 roles, 2043 types, 102 bools, 16 sens, 1024 cats
> security: 67 classes, 164754 rules
> security: class peer not defined in policy
> security: permission recvfrom in class node not defined in policy
> security: permission sendto in class node not defined in policy
> security: permission ingress in class netif not defined in policy
> security: permission egress in class netif not defined in policy
> security: permission forward_in in class packet not found in policy, bad policy
> security: the definition of a class is incorrect

This looks the same as what akpm hit. Paul Moore has updated his labeled
networking patches (see Subject: [RFC PATCH v12 00/18] Labeled networking
changes for 2.6.25), and you could try dropping those into the broken out
-mm in place of the existing git patch, or just wait for a new -mm.

>
> 2.6.24-rc6-mm1 said this instead:
>
> security: class peer not defined in policy
> security: permission recvfrom in class node not defined in policy
> security: permission sendto in class node not defined in policy
> security: permission ingress in class netif not defined in policy
> security: permission egress in class netif not defined in policy
> SELinux: policy loaded with handle_unknown=deny
>
> and then proceeded to work OK.
>
> (I suspect this may be the same thing Andrew Morton hit, but I can't be sure).
>
> Anybody got hints on how to move forward? Or is a fixed policy already in the
> Rawhide pipe?
>
>

--
James Morris
<jmorris@namei.org>

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-20-2008, 04:01 AM
 
Default 2.6.24-rc8-mm1 and SELinux MLS - not playing nice....

On Fri, 18 Jan 2008 20:17:00 +1100, James Morris said:

> This looks the same as what akpm hit. Paul Moore has updated his labeled
> networking patches (see Subject: [RFC PATCH v12 00/18] Labeled networking
> changes for 2.6.25), and you could try dropping those into the broken out
> -mm in place of the existing git patch, or just wait for a new -mm.

Confirming - I took V12 0-18, cat'ed it into one file, plopped that on top
of the broken-out/git-lblnet.patch and quilted up a test -rc8-mm1 and that
booted without complaints - dmesg says:

SELinux:8192 avtab hash slots allocated. Num of rules:164754
SELinux:8192 avtab hash slots allocated. Num of rules:164754
security: 5 users, 8 roles, 2043 types, 102 bools, 16 sens, 1024 cats
security: 67 classes, 164754 rules
security: class peer not defined in policy
security: permission recvfrom in class node not defined in policy
security: permission sendto in class node not defined in policy
security: permission ingress in class netif not defined in policy
security: permission egress in class netif not defined in policy
security: permission forward_in in class packet not defined in policy
security: permission forward_out in class packet not defined in policy
SELinux: Completing initialization.
SELinux: Setting up existing superblocks.
SELinux: initialized (dev dm-0, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
SELinux: initialized (dev configfs, type configfs), uses genfs_contexts
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: policy loaded with handle_unknown=deny
type=1403 audit(1200804071.837:2): policy loaded auid=4294967295 ses=4294967295


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-20-2008, 09:10 PM
James Morris
 
Default 2.6.24-rc8-mm1 and SELinux MLS - not playing nice....

On Sun, 20 Jan 2008, Valdis.Kletnieks@vt.edu wrote:

> On Fri, 18 Jan 2008 20:17:00 +1100, James Morris said:
>
> > This looks the same as what akpm hit. Paul Moore has updated his labeled
> > networking patches (see Subject: [RFC PATCH v12 00/18] Labeled networking
> > changes for 2.6.25), and you could try dropping those into the broken out
> > -mm in place of the existing git patch, or just wait for a new -mm.
>
> Confirming - I took V12 0-18, cat'ed it into one file, plopped that on top
> of the broken-out/git-lblnet.patch and quilted up a test -rc8-mm1 and that
> booted without complaints - dmesg says:

Thanks for testing this!

>
> SELinux:8192 avtab hash slots allocated. Num of rules:164754
> SELinux:8192 avtab hash slots allocated. Num of rules:164754
> security: 5 users, 8 roles, 2043 types, 102 bools, 16 sens, 1024 cats
> security: 67 classes, 164754 rules
> security: class peer not defined in policy
> security: permission recvfrom in class node not defined in policy
> security: permission sendto in class node not defined in policy
> security: permission ingress in class netif not defined in policy
> security: permission egress in class netif not defined in policy
> security: permission forward_in in class packet not defined in policy
> security: permission forward_out in class packet not defined in policy
> SELinux: Completing initialization.
> SELinux: Setting up existing superblocks.
> SELinux: initialized (dev dm-0, type ext3), uses xattr
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
> SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
> SELinux: initialized (dev configfs, type configfs), uses genfs_contexts
> SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
> SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
> SELinux: initialized (dev devpts, type devpts), uses transition SIDs
> SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
> SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts
> SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
> SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
> SELinux: initialized (dev proc, type proc), uses genfs_contexts
> SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
> SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
> SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
> SELinux: policy loaded with handle_unknown=deny
> type=1403 audit(1200804071.837:2): policy loaded auid=4294967295 ses=4294967295
>
>
>

--
James Morris
<jmorris@namei.org>

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 11:29 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org