01-13-2008, 10:32 AM
Antoine Martin

ssh root login -> root:system_r:system_chkpwd_t !?

Hi,

make.profile -> ../usr/portage/profiles/selinux/2007.0/amd64
Running 2.6.23.13 in non-enforcing mode, targeted policy.

system_u:system_r:sshd_t root sshd: root@pts/0
root:system_r:system_chkpwd_t root pts/0 00:00:00 -bash

The first denials:

[ 140.780441] inode_doinit_with_dentry:
context_to_sid(root:object_r:staff_tmpfs_t) returned 22 for dev=md2
ino=961000
[ 265.282465] audit(1200225126.688:46): avc: denied { entrypoint }
for pid=6208 comm="sshd" path="/bin/bash" dev=md0 ino=49189
scontext=root:system_r:system_chkpwd_t
tcontext=system_u:object_r:shell_exec_t tclass=file
[ 265.282727] audit(1200225126.688:47): avc: denied { read write }
for pid=6208 comm="bash" name="0" dev=devpts ino=2
scontext=root:system_r:system_chkpwd_t
tcontext=root:object_r:sshd_devpts_t tclass=chr_file

Any ideas?


Also, was getting some denials because /lib was not labeled:
lrwxrwxrwx root root system_u:object_r:default_t /lib -> lib64
I had to add this to file_contexts:
/lib -l system_u:object_r:lib_t
How come?

Cheers
Antoine
--
gentoo-hardened@lists.gentoo.org mailing list
 
