Re: policy configuration problems

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tom <tom@lemuria.org>
To: lky <lky77@sjtu.edu.cn>
Cc: SELINUX <SELinux@tycho.nsa.gov>
Subject: Re: policy configuration problems
Date: Wed, 8 Oct 2003 21:17:08 +0200	[thread overview]
Message-ID: <20031008211705.F14104@lemuria.org> (raw)
In-Reply-To: <000e01c38dbb$d9841a60$5d38a8c0@lky>; from lky77@sjtu.edu.cn on Thu, Oct 09, 2003 at 12:47:22AM +0800

On Thu, Oct 09, 2003 at 12:47:22AM +0800, lky wrote:
> Hi, I have installed 2.4-based SELinux on Redhat9.0 and I want to eliminate the denied messages now. But there are several problems about my policy configuration.
> First,there are still several system processes run within the initrc_t domain. I have moved up the .te files for these programes from the policy/domains/program/unused directory before building the policy and the pathname for these programs in the .fc files are right as well. Below is the 
> associated messages with the command "ps -e --context":

Check if the binaries are labelled correctly, i.e. do something like:

ls --context /usr/sbin/xinetd 
(or wherever it is installed in redhat)

it should be system_u:system_r:inetd_exec_t if I remember correctly. If
it's the generic :sbin_t then no transition happens.

same for the other programs.


-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2003-10-08 19:17 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-10-08 16:47 policy configuration problems lky
2003-10-08 19:17 ` Tom [this message]
2003-10-09 18:32   ` lky
  -- strict thread matches above, loose matches on Subject: below --
2003-10-10  1:40 lky
2003-10-10  6:48 ` Russell Coker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20031008211705.F14104@lemuria.org \
    --to=tom@lemuria.org \
    --cc=SELinux@tycho.nsa.gov \
    --cc=lky77@sjtu.edu.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.