On Mon, 2007-06-04 at 21:25 -0400, Matthew Gillen wrote:
John Lindgren wrote:
Hi, New to this list, not totally new to selinux.
Running F7 with everything current (06/04/2007), policy is selinux-policy-targeted-2.6.4-8.fc7.
cat /var/log/audit/audit.log:

  type=AVC msg=audit(1181003986.020:18662): avc: denied { audit_write } for pid=13774 comm="dovecot-auth" capability=29 scontext=root:system_r:dovecot_auth_t:s0 tcontext=root:system_r:dovecot_auth_t:s0 tclass=capability
  type=AVC msg=audit(1181003859.499:18627): avc: denied { create } for pid=13520 comm="dovecot-auth" scontext=root:system_r:dovecot_auth_t:s0 tcontext=root:system_r:dovecot_auth_t:s0 tclass=netlink_audit_socket
cat /var/log/audit/audit.log | audit2allow -M local:

cat local.te:

  module local 1.0;

  require {
          type dovecot_auth_t;
          class capability audit_write;
          class netlink_audit_socket { write nlmsg_relay create read };
  }

  #============= dovecot_auth_t ==============
  allow dovecot_auth_t self:capability audit_write;
  allow dovecot_auth_t self:netlink_audit_socket { write nlmsg_relay create read };
semodule -i local.pp:

  libsepol.check_assertion_helper: assertion on line 0 violated by allow dovecot_auth_t dovecot_auth_t:netlink_audit_socket { nlmsg_relay };
  libsepol.check_assertion_helper: assertion on line 0 violated by allow dovecot_auth_t dovecot_auth_t:capability { audit_write };
  libsepol.check_assertions: 2 assertion violations occured
  libsemanage.semanage_expand_sandbox: Expand module failed
  semodule: Failed!
Should I add something magical (what, I'm not sure) to the .te to allow this anyway? Or is there something missing from the distribution targeted policy? Or edit the base policy and recompile the whole thing? Or...
Anyone else having this problem?
Yep, I am. Got tired of tinkering last night and just put it in permissive mode for the time being.
I'm getting slightly different .te file, but ultimately the same 2 assertion violations.
Matt
Same here ...
I yum installed every selinux-related package. I made localaudit.pp by typing

  # audit2allow -i /var/log/audit/audit.log -m localaudit > localaudit.te

at /usr/share/selinux/devel

  # semodule -i localaudit.pp

Violation reported by libsepol.check_assertions:

  local_login_t local_login_t:netlink_audit_socket { nlmsg_relay };
  local_login_t local_login_t:capability { audit_write };
  local_login_t local_login_t:capability { audit_control };
So, I commented out those lines in localaudit.te, including the require brace. This time I succeeded in installing localaudit.pp.

I restarted my machine, setting Enforcing/strict. During the startup process, I could see that Keymap had failed. I can't log in from the console. I typed as if on a US keyboard, not jp106, but I still can't.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
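
Added example, not part of any message in this thread: a small triage script that cross-references the AVC denials with the libsepol assertion (neverallow) failures, so you can see which audit2allow-generated permissions the policy refuses outright and which would load. The sample input is the dovecot-auth output quoted above; the function names are this example's own.

```python
import re

# Sample input: the AVC records and semodule output quoted in the thread.
AUDIT_LOG = '''type=AVC msg=audit(1181003986.020:18662): avc: denied { audit_write } for pid=13774 comm="dovecot-auth" capability=29 scontext=root:system_r:dovecot_auth_t:s0 tcontext=root:system_r:dovecot_auth_t:s0 tclass=capability
type=AVC msg=audit(1181003859.499:18627): avc: denied { create } for pid=13520 comm="dovecot-auth" scontext=root:system_r:dovecot_auth_t:s0 tcontext=root:system_r:dovecot_auth_t:s0 tclass=netlink_audit_socket
'''
SEMODULE_OUT = '''libsepol.check_assertion_helper: assertion on line 0 violated by allow dovecot_auth_t dovecot_auth_t:netlink_audit_socket { nlmsg_relay };
libsepol.check_assertion_helper: assertion on line 0 violated by allow dovecot_auth_t dovecot_auth_t:capability { audit_write };
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')
ASSERT_RE = re.compile(r'violated by allow (\S+) (\S+):(\S+) \{([^}]*)\}')

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]

def denials(log):
    """One (source type, target type, class, permission) tuple per denied permission."""
    out = set()
    for m in AVC_RE.finditer(log):
        perms, scon, tcon, tclass = m.groups()
        for perm in perms.split():
            out.add((type_of(scon), type_of(tcon), tclass, perm))
    return out

def violations(semodule_out):
    """Same tuple shape, taken from the 'violated by allow ...' lines."""
    out = set()
    for m in ASSERT_RE.finditer(semodule_out):
        src, tgt, tclass, perms = m.groups()
        for perm in perms.split():
            out.add((src, tgt, tclass, perm))
    return out

def triage(log, semodule_out):
    """Split permissions into asserted-against and not asserted-against."""
    d, v = denials(log), violations(semodule_out)
    return {"rejected_and_logged": sorted(d & v),    # denied and hit an assertion
            "rejected_not_in_log": sorted(v - d),    # assertion hit, AVC not in sample
            "not_rejected": sorted(d - v)}           # denied, no assertion reported
```

Feed it the full audit.log and the complete semodule output; permissions under "rejected_and_logged" or "rejected_not_in_log" are the ones a local module cannot grant while the assertion is in the base policy.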