* RE: problems with fd
@ 2002-08-09 22:00 Ryan Bergauer
2002-08-09 22:13 ` Russell Coker
0 siblings, 1 reply; 5+ messages in thread
From: Ryan Bergauer @ 2002-08-09 22:00 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 678 bytes --]
I take that back, I did upgrade from 1.06 to 1.07 since then. That would
appear to have triggered this.
-----Original Message-----
From: Ryan Bergauer [mailto:privateryan@mindspring.com]
Sent: Friday, August 09, 2002 4:49 PM
To: 'selinux@tycho.nsa.gov'
Subject: problems with fd
I'm getting a particular denied message in quite a few places.
The scontext is always the program's context, as in
user_name:user_r:user_gpg_t.
The tcontext is how I got my current role, as in
user_name:sysadm_r:newrole_t or system_u:system_r:local_login_t.
It's denying the use of fd.
This just popped up - I know I've used GPG before, but never had this
error. Any suggestions?
-Ryan
[-- Attachment #2: Type: text/html, Size: 6694 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: problems with fd
2002-08-09 22:00 problems with fd Ryan Bergauer
@ 2002-08-09 22:13 ` Russell Coker
2002-08-09 22:31 ` Ryan Bergauer
0 siblings, 1 reply; 5+ messages in thread
From: Russell Coker @ 2002-08-09 22:13 UTC (permalink / raw)
To: Ryan Bergauer, selinux
On Sat, 10 Aug 2002 00:00, Ryan Bergauer wrote:
> I take that back, I did upgrade from 1.06 to 1.07 since then. That would
> appear to have triggered this.
An upgrade of gpg does not make any difference, all versions of gpg work in
the same way in this regard. Unless however you forgot to relabel the new
gpg after the upgrade and as a result have the gpg process running in a
different domain.
> The scontext is always the program's context, as in
> user_name:user_r:user_gpg_t.
> The tcontext is how I got my current role, as in
> user_name:sysadm_r:newrole_t or system_u:system_r:local_login_t.
> It's denying the use of fd.
>
> This just popped up - I know I've used GPG before, but never had this
> error. Any suggestions?
Please tell me exactly what you are doing with gpg?
I've just done a quick test and I can't trigger such problems with my policy.
Please tell me the exact type of gpg command and how you run it (from xterm
or console, etc), and which role you are using. Then I'll try and reproduce
the problem.
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: problems with fd
2002-08-09 22:13 ` Russell Coker
@ 2002-08-09 22:31 ` Ryan Bergauer
2002-08-09 22:57 ` Russell Coker
0 siblings, 1 reply; 5+ messages in thread
From: Ryan Bergauer @ 2002-08-09 22:31 UTC (permalink / raw)
To: 'Russell Coker', selinux
The gpg command in question is 'gpg --gen-key', being run from the
console as (in the case of system_u:system_r:local_login_t) a normal
user in user_r and (in the case of user_name:sysadm_r:newrole_t) a
sysadm that newroled into the user_r role.
-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Friday, August 09, 2002 5:13 PM
To: Ryan Bergauer; selinux@tycho.nsa.gov
Subject: Re: problems with fd
On Sat, 10 Aug 2002 00:00, Ryan Bergauer wrote:
> I take that back, I did upgrade from 1.06 to 1.07 since then. That
would
> appear to have triggered this.
An upgrade of gpg does not make any difference, all versions of gpg work
in
the same way in this regard. Unless however you forgot to relabel the
new
gpg after the upgrade and as a result have the gpg process running in a
different domain.
> The scontext is always the program's context, as in
> user_name:user_r:user_gpg_t.
> The tcontext is how I got my current role, as in
> user_name:sysadm_r:newrole_t or system_u:system_r:local_login_t.
> It's denying the use of fd.
>
> This just popped up - I know I've used GPG before, but never had this
> error. Any suggestions?
Please tell me exactly what you are doing with gpg?
I've just done a quick test and I can't trigger such problems with my
policy.
Please tell me the exact type of gpg command and how you run it (from
xterm
or console, etc), and which role you are using. Then I'll try and
reproduce
the problem.
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: problems with fd
2002-08-09 22:31 ` Ryan Bergauer
@ 2002-08-09 22:57 ` Russell Coker
0 siblings, 0 replies; 5+ messages in thread
From: Russell Coker @ 2002-08-09 22:57 UTC (permalink / raw)
To: Ryan Bergauer, selinux
On Sat, 10 Aug 2002 00:31, Ryan Bergauer wrote:
> The gpg command in question is 'gpg --gen-key', being run from the
> console as (in the case of system_u:system_r:local_login_t) a normal
> user in user_r and (in the case of user_name:sysadm_r:newrole_t) a
> sysadm that newroled into the user_r role.
allow $1_gpg_t privrole:fd use;
I was not able to reproduce the problem with local_login_t. I was able to
reproduce the problem with newrole_t and added the above rule in the
gpg_domain() macro in the policy/macros/program/gpg_macros.te file to solve
it.
Russell Coker
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* problems with fd
@ 2002-08-09 21:48 Ryan Bergauer
0 siblings, 0 replies; 5+ messages in thread
From: Ryan Bergauer @ 2002-08-09 21:48 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 393 bytes --]
I'm getting a particular denied message in quite a few places.
The scontext is always the program's context, as in
user_name:user_r:user_gpg_t.
The tcontext is how I got my current role, as in
user_name:sysadm_r:newrole_t or system_u:system_r:local_login_t.
It's denying the use of fd.
This just popped up - I know I've used GPG before, but never had this
error. Any suggestions?
-Ryan
[-- Attachment #2: Type: text/html, Size: 4273 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2002-08-09 22:57 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-08-09 22:00 problems with fd Ryan Bergauer
2002-08-09 22:13 ` Russell Coker
2002-08-09 22:31 ` Ryan Bergauer
2002-08-09 22:57 ` Russell Coker
-- strict thread matches above, loose matches on Subject: below --
2002-08-09 21:48 Ryan Bergauer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.