[DSE-Dev] [martin at martinorr.name: /selinux getattr messages]
Václav Ovsík
vaclav.ovsik at i.cz
Fri Nov 16 12:59:23 UTC 2007
Hello,
I'm trying to stabilize refpolicy-20070928 on Debian Etch.
A repository with some updated selinux packages will be available soon.
I took packages from Sid and updated these with 20070928 upstream
releases.
I'm an SELinux beginner, but my intention is to finally understand
SELinux :) and run targeted and possibly strict policies in a production
environment on Debian.
Currently I'm booting Xen DomU Debian Etch in permissive mode.
There are two audit messages, and I found a solution (attached) in
selinux-devel at lists.alioth.debian.org.
audit(1195215260.590:3): avc: denied { getattr } for pid=760 comm="mount" name="/" dev=selinuxfs ino=475 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
audit(1195215263.626:6): avc: denied { getattr } for pid=1017 comm="swapon" name="/" dev=selinuxfs ino=475 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
So after inserting
selinux_get_fs_mount(fsadm_t) -> ./policy/modules/system/fstools.te
selinux_get_fs_mount(mount_t) -> ./policy/modules/system/mount.te
both messages disappear.
Is such a solution OK and acceptable upstream (conditionally for
the Debian distro or so)?
Regards
--
Zito
-------------- next part --------------
An embedded message was scrubbed...
From: Martin Orr <martin at martinorr.name>
Subject: [DSE-Dev] /selinux getattr messages
Date: Sat, 23 Jun 2007 12:39:11 +0100
Size: 7453
Url: http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20071116/99d347cb/attachment.eml
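
Added example, not part of the original message or of refpolicy: a small parser that reads the two AVC denials quoted in the message and prints the raw allow rule each one implies, which shows exactly what access an interface call such as selinux_get_fs_mount() has to cover for mount_t and fsadm_t. The function names are hypothetical and the sample log is constructed from the lines in the message, one record per line.

```python
import re
from collections import defaultdict

# Constructed input: the two denials from the message, one record per line.
SAMPLE_LOG = (
    'audit(1195215260.590:3): avc: denied { getattr } for pid=760 comm="mount" '
    'name="/" dev=selinuxfs ino=475 scontext=system_u:system_r:mount_t:s0 '
    'tcontext=system_u:object_r:security_t:s0 tclass=filesystem\n'
    'audit(1195215263.626:6): avc: denied { getattr } for pid=1017 comm="swapon" '
    'name="/" dev=selinuxfs ino=475 scontext=system_u:system_r:fsadm_t:s0 '
    'tcontext=system_u:object_r:security_t:s0 tclass=filesystem\n'
)
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"scontext", "tcontext", "tclass"}

def parse_denials(log_text):
    """Return one dict per complete AVC denial (fields plus a 'perms' list)."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        if not REQUIRED.issubset(fields):
            continue  # record cut by a line wrap: skip rather than guess
        fields["perms"] = m.group(1).split()
        denials.append(fields)
    return denials

def type_of(context):
    """Return the type field of a user:role:type[:range] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not a security context: {context!r}")
    return parts[2]

def raw_allow_rules(denials):
    """Merge denials into 'allow' statements, one per (source, target, class)."""
    merged = defaultdict(set)
    for d in denials:
        key = (type_of(d["scontext"]), type_of(d["tcontext"]), d["tclass"])
        merged[key].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(raw_allow_rules(parse_denials(SAMPLE_LOG))))
```

Records that a mail client has wrapped mid-field are skipped rather than partially parsed, so rejoin such lines before feeding them in.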