From: Simon Peter Nicholls <simon@mintsource.org>
To: Dominick Grift <domg472@gmail.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: Trouble logging in through SSH
Date: Sun, 06 Feb 2011 10:28:48 +0100
Message-ID: <4D4E69D0.50808@mintsource.org>
In-Reply-To: <4D4D5038.2090403@gmail.com>

On 05/02/11 14:27, Dominick Grift wrote:
> By the way, these policy related questions should go to
> refpolicy@oss.tresys.com maillist.

Hi Dominick, thanks for your replies to my issues.

When I hit trouble, I thought I had hit something other than regular 
policy issues, but this was incorrect. I have missing access_vectors, 
and face some other issues (due to a combination of recent software and 
non-standard file locations), but all appear to be surmountable through 
a custom policy build.

I've learned a lot in a short time, thanks in large part to reading some 
key posts in this mailing list, and my system is firmly in the realm of 
policy tweaking now. Mostly I'm twiddling booleans and changing file 
contexts to match Arch Linux at this point, with cron and syslog-ng the 
only services with issues. My "semanage permissive -a" functionality is 
broken, as the "/var/lib/selinux" path I see hardcoded into semanage 
does not exist on my system, but it was no bother to hand code a 
permissive module to get my logging working for now. So I can run 
enforcing from boot whilst I finish up, no problem.

It looks like Fedora have already addressed some of the core refpolicy 
issues I've faced (problems unrelated to Arch file locations), but 
patches had not made it upstream the last time I checked. I'd also like 
to see a passenger module make it into refpolicy. So, I still have some 
outstanding refpolicy queries, which I'll take over to the mailing list 
you mention.

Thanks again.
