SELinux: security_context_to_sid error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 08/13/2012 05:10 PM, Anamitra Dutta Majumdar (anmajumd) wrote: The policy expected to include the MLS componant? system_u:object_r:tmpfs_t:s0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlApdIwACgkQrlYvE4MpobNdwACgzekTr8Ho/M9RcmycK7NLXTaE SyQAn2TktuUvXzuVylDwOa1R8zQjmsh6 =Q7/z -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux: security_context_to_sid error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 08/13/2012 05:10 PM, Anamitra Dutta Majumdar (anmajumd) wrote: > We are trying to port over our policies from RHEL5 based CUCM release to > RHEL6 based release. We are starting selinux in permissive mode. > > When the system comes up during firstboot it gets stuck at a certain > point. When we check the syslogs we find that they are empty. > > On checking the message buffer we find the following entries > > *SELinux: security_context_to_sid(system_u:object_r:tmpfs_t) failed for > (dev dbcfs, type dbcfs) errno=-22 Kill signal sent to compthread* > The policy expected to include the MLS componant? system_u:object_r:tmpfs_t:s0 > What could be causing such an error in RHEL6. The same policies work fine > on RHEL5. > > Any pointers would be greatly appreciated. > > Thanks, Anamitra > > > -- selinux mailing list selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlApdIwACgkQrlYvE4MpobMKxgCgmX5u70WAol IJ2G8CJliz057l MLYAn0UWV9tZILJomuJCV5Au2uNIg6Mj =+HVY -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux: security_context_to_sid error
Hi Dan,
Thanks for your response. I do not see any denials though. What policies should I be checking for. -Anamitra On 8/13/12 2:41 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 08/13/2012 05:10 PM, Anamitra Dutta Majumdar (anmajumd) wrote: > >The policy expected to include the MLS componant? >system_u:object_r:tmpfs_t:s0 > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.12 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >iEYEARECAAYFAlApdIwACgkQrlYvE4MpobNdwACgzekTr8H o/M9RcmycK7NLXTaE >SyQAn2TktuUvXzuVylDwOa1R8zQjmsh6 >=Q7/z >-----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux: security_context_to_sid error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 08/13/2012 06:55 PM, Anamitra Dutta Majumdar (anmajumd) wrote: > Hi Dan, > > Thanks for your response. > > I do not see any denials though. > > What policies should I be checking for. > I am not sure what you are doing, but if you have a compiled policy on an Older OS, you should recompile it on the NEW Os. not just attempt to install a policy module. http://danwalsh.livejournal.com/49762.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAqVlkACgkQrlYvE4MpobMUvgCgsiHuJ9wOaq VdfdR1R8lAQhRi u8wAoN6tL4tz9d34PRkTOaJpZWVLQGXs =SsuI -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux: security_context_to_sid error
On Mon, 2012-08-13 at 21:10 +0000, Anamitra Dutta Majumdar (anmajumd)
wrote: > We are trying to port over our policies from RHEL5 based CUCM release > to RHEL6 based release. We are starting selinux in permissive mode. > > > When the system comes up during firstboot it gets stuck at a certain > point. When we check the syslogs we find that they are empty. > > > On checking the message buffer we find the following entries > > > SELinux: security_context_to_sid(system_u:object_r:tmpfs_t) failed for > (dev dbcfs, type dbcfs) errno=-22 > Kill signal sent to compthread This means you tried to pass context=system_u:object_r:tmpfs_t as a mount option (e.g. from /etc/fstab or the mount command line) when mounting the dbcfs (which is what?), and you need to specify the :s0 suffix on the context for the MLS/MCS label. > > What could be causing such an error in RHEL6. The same policies work > fine on RHEL5. > > > Any pointers would be greatly appreciated. > > > Thanks, > Anamitra > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux -- Stephen Smalley National Security Agency -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux: security_context_to_sid error
Hi Dan,
We are compiling our policies on the new OS and then installing it. All the policies install fine. When the box comes up after firstboot following the install that is when we see this error in the D message buffer. Here are our current entries in the /etc/fstab file # UUID=0325a3b6-4c4d-468d-8d41-218a625104af / ext4 defaults,noatime 1 1 UUID=9da9fcd3-127a-4cfd-8354-bda6b7b12b39 /common ext4 defaults 1 2 UUID=43b41e10-8147-4e6b-95fd-663b904a248a /grub ext4 defaults 1 2 UUID=a0e34fd5-d4a8-48e0-a1e8-c58b38880dd6 /partB ext4 defaults 1 0 UUID=41d14b91-c85d-4a69-8c35-df8213a0647c swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 none /var/log/ramfs/cm/trace/ccm/sdi dbcfs noauto,uid=513,gid=506,mode=0770,size=128M,wproc=c cm,dest=/var/log/active/c m/trace/ccm/sdi 0 0 none /var/log/ramfs/cm/trace/ccm/sdl dbcfs noauto,uid=513,gid=506,mode=0770,size=128M,wproc=c cm,dest=/var/log/active/c m/trace/ccm/sdl 0 0 none /var/log/ramfs/cm/trace/ccm/calllogs dbcfs noauto,uid=513,gid=506,mode=0770,size=128M,wproc=c cm,dest=/var/log/active/c m/trace/ccm/calllogs 0 0 none /var/log/ramfs/cm/trace/ccm/dntrace dbcfs noauto,uid=513,gid=506,mode=0770,size=128M,wproc=c cm,dest=/var/log/active/c m/trace/ccm/dntrace 0 0 none /var/log/ramfs/cm/trace/lbm/sdl dbcfs noauto,uid=0,gid=506,mode=0770,size=128M,wproc=lbm ,dest=/var/log/active/cm/ trace/lbm/sdl 0 0 none /var/log/ramfs/cm/trace/cti/sdi dbcfs noauto,uid=513,gid=506,mode=0770,size=128M,wproc=C TIManager,dest=/var/log/a ctive/cm/trace/cti/sdi 0 0 none /var/log/ramfs/cm/trace/cti/sdl dbcfs noauto,uid=513,gid=506,mode=0770,size=128M,wproc=C TIManager,dest=/var/log/a ctive/cm/trace/cti/sdl 0 0 ~ Thanks, Anamitra On 8/14/12 6:44 AM, "Daniel J Walsh" <dwalsh@redhat.com> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 08/13/2012 06:55 PM, Anamitra Dutta Majumdar (anmajumd) wrote: >> Hi Dan, >> >> Thanks for your response. >> >> I do not see any denials though. >> >> What policies should I be checking for. >> >I am not sure what you are doing, but if you have a compiled policy on an >Older OS, you should recompile it on the NEW Os. not just attempt to >install a >policy module. > >http://danwalsh.livejournal.com/49762.html >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.12 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >iEYEARECAAYFAlAqVlkACgkQrlYvE4MpobMUvgCgsiHuJ9wOa qVdfdR1R8lAQhRi >u8wAoN6tL4tz9d34PRkTOaJpZWVLQGXs >=SsuI >-----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
| All times are GMT. The time now is 01:01 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.