12-06-2007, 07:51 PM
आशीष Ashish

SELinux AVC denial during login at tty and another issue.

Hi list,

I'm getting this SELinux AVC denial on my Gentoo
(2007.0/amd64/no-multilib/PaX) installation at the time of login to the TTY.

type=AVC msg=audit(1196966507.080:55): avc: denied { create } for pid=5858
comm="login" scontext=system_u:system_r:local_login_t
tcontext=system_u:system_r:local_login_t tclass=netlink_route_socket

I'm not able to figure out the reason for this AVC denial. Any ideas how to
fix it? Shall I add an 'allow' rule, or is something messed up?


Another issue is regarding the LDPATH present in "/etc/env.d/04multilib":

LDPATH="/lib:/usr/lib:/usr/local/lib:/lib64:/usr/lib64:/usr/local/lib64"

On the AMD64 architecture, where /usr/lib is symlinked (tclass=lnk_file)
to /usr/lib64, according to the above rule:

chatteau ~ $ ldd `which ls`
librt.so.1 => /lib/librt.so.1 (0x00002b73875fe000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00002b7387807000)
libc.so.6 => /lib/libc.so.6 (0x00002b7387a22000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00002b7387d60000)
/lib64/ld-linux-x86-64.so.2 (0x00002b73873e3000)
libdl.so.2 => /lib/libdl.so.2 (0x00002b7387f7b000)
libsepol.so.1 => /lib/libsepol.so.1 (0x00002b738817f000)

According to SELinux policy, only apps can load .so from the 'file' class of
object, not 'lnk_file'. I had issues with this a few weeks ago in a previous
Gentoo installation (which I wiped after a few days), which went away when I
reordered LDPATH, with 'lib64' before the corresponding 'lib'. So this needs
to be fixed too.

TIA
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
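
Added example (not part of the original post, and not code from any SELinux tool): a small Python parser that decodes the denial quoted above into its fields and renders it as type-enforcement rule text in the style audit2allow prints. The names `parse_avc` and `candidate_rule` are hypothetical, and the sample is the post's record joined onto one line.

```python
import re
import shlex

# The denial quoted in the post, joined onto one line as it appears in audit.log.
SAMPLE = (
    'type=AVC msg=audit(1196966507.080:55): avc: denied { create } for pid=5858 '
    'comm="login" scontext=system_u:system_r:local_login_t '
    'tcontext=system_u:system_r:local_login_t tclass=netlink_route_socket'
)

AVC_RE = re.compile(
    r'msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s*avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$'
)

def parse_avc(line):
    """Split one AVC record into its decision, permissions and key=value fields."""
    m = AVC_RE.search(line.strip())
    if m is None:
        raise ValueError("not an AVC record")
    # shlex keeps quoted values such as comm="login" together and drops the quotes.
    fields = dict(tok.split("=", 1) for tok in shlex.split(m["rest"]) if "=" in tok)
    for key in ("scontext", "tcontext", "tclass"):
        if key not in fields:
            raise ValueError("AVC record lacks " + key)
    return {
        "serial": int(m["serial"]),
        "result": m["result"],
        "perms": m["perms"].split(),
        # A context is user:role:type, optionally followed by an MLS range.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "comm": fields.get("comm"),
    }

def candidate_rule(rec):
    """Render the denial as TE rule text; whether to load it is a policy decision."""
    # Same source and target type is written as "self" (audit2allow convention).
    target = "self" if rec["source_type"] == rec["target_type"] else rec["target_type"]
    perms = rec["perms"][0] if len(rec["perms"]) == 1 else "{ " + " ".join(rec["perms"]) + " }"
    return f"allow {rec['source_type']} {target}:{rec['tclass']} {perms};"

if __name__ == "__main__":
    record = parse_avc(SAMPLE)
    print(record)
    print(candidate_rule(record))
```
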
 
