Ubuntu's selinux-policy-default policy configuration is really terrible!


#1

Post by 蝴蝶兰 » 2006-10-16 15:38

Getting SELinux into enforcing mode is a real hassle. There is far too much you have to change by hand! Take a look at some of what shows up in the system log in permissive mode. The problems start right with the init process!
kernel: [17179572.612000] SELinux: Starting in permissive mode
kernel: [17179574.584000] audit: initializing netlink socket (disabled)
kernel: [17179574.584000] audit(1161005733.584:1): initialized
kernel: [17179583.428000] audit(1161005742.428:2): avc: denied { read } for pid=1 comm="init" name="utmp" dev=hda10 ino=1996438 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=file
kernel: [17179583.428000] audit(1161005742.428:3): avc: denied { lock } for pid=1 comm="init" name="utmp" dev=hda10 ino=1996438 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=file
kernel: [17179583.656000] audit(1161005742.656:4): avc: denied { read } for pid=1989 comm="rcS" name="mtab" dev=hda10 ino=426388 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=file
kernel: [17179583.844000] audit(1161005742.844:5): avc: denied { read } for pid=1989 comm="rc" name="progress_state" dev=tmpfs ino=1364 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=file
kernel: [17179584.004000] inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22 for dev=hda10 ino=426079
kernel: [17179584.008000] audit(1161005743.008:6): avc: denied { read } for pid=1994 comm="S01mountvirtfs" name="fstab" dev=hda10 ino=426079 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=file
kernel: [17179584.008000] audit(1161005743.008:7): avc: denied { ioctl } for pid=1994 comm="S01mountvirtfs" name="fstab" dev=hda10 ino=426079 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=file
kernel: [17179584.092000] audit(1161005743.092:8): avc: denied { search } for pid=1999 comm="mountpoint" name="var" dev=hda10 ino=1994945 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:var_t tclass=dir
kernel: [17179584.092000] audit(1161005743.092:9): avc: denied { getattr } for pid=1999 comm="mountpoint" name="var" dev=hda10 ino=1994945 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:var_t tclass=dir
kernel: [17179584.096000] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
kernel: [17179584.108000] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
......
Dodging the problem = taking the roundabout route = being a blockhead
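The denials quoted in the post fall into two different groups, and it is worth telling them apart before touching the policy. Where the target context is file_t or unlabeled_t, the object simply carries no valid SELinux label (the inode_doinit_with_dentry message about "unlabeled" says the same thing), so the correct fix is to relabel the filesystem (restorecon -R, or touch /.autorelabel and reboot), not to write allow rules against those types. Only the denials against properly labelled targets (var_t, tmpfs_t) point at a real gap in selinux-policy-default. The script below is an added example, not part of the post; it parses the post's own AVC lines, groups them by source type, target type and object class, and sorts each group into "relabel" or "policy gap", emitting an audit2allow-style rule for the latter as a starting point for review. The SAMPLE_LOG constant is copied from the post; the classification heuristic is a standard SELinux practice, not something the post itself states.

```python
import re

# Sample input: the AVC lines from the post above (kernel log, permissive mode).
SAMPLE_LOG = """\
kernel: [17179572.612000] SELinux: Starting in permissive mode
kernel: [17179583.428000] audit(1161005742.428:2): avc: denied { read } for pid=1 comm="init" name="utmp" dev=hda10 ino=1996438 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=file
kernel: [17179583.428000] audit(1161005742.428:3): avc: denied { lock } for pid=1 comm="init" name="utmp" dev=hda10 ino=1996438 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=file
kernel: [17179583.656000] audit(1161005742.656:4): avc: denied { read } for pid=1989 comm="rcS" name="mtab" dev=hda10 ino=426388 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=file
kernel: [17179583.844000] audit(1161005742.844:5): avc: denied { read } for pid=1989 comm="rc" name="progress_state" dev=tmpfs ino=1364 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:tmpfs_t tclass=file
kernel: [17179584.008000] audit(1161005743.008:6): avc: denied { read } for pid=1994 comm="S01mountvirtfs" name="fstab" dev=hda10 ino=426079 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=file
kernel: [17179584.008000] audit(1161005743.008:7): avc: denied { ioctl } for pid=1994 comm="S01mountvirtfs" name="fstab" dev=hda10 ino=426079 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=file
kernel: [17179584.092000] audit(1161005743.092:8): avc: denied { search } for pid=1999 comm="mountpoint" name="var" dev=hda10 ino=1994945 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:var_t tclass=dir
kernel: [17179584.092000] audit(1161005743.092:9): avc: denied { getattr } for pid=1999 comm="mountpoint" name="var" dev=hda10 ino=1994945 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:var_t tclass=dir
"""

# "avc: denied { perm perm } for key=value key="value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Target types that mean "no valid label on this object": fix by relabelling,
# never by allowing access to file_t / unlabeled_t.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}


def parse_avc(line):
    """Return a dict of the AVC fields plus a 'perms' set, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = set(m.group("perms").split())
    return fields


def context_type(ctx):
    """user:role:type[:level] -> type."""
    return ctx.split(":")[2]


def summarize(log_text):
    """Group denials by (source type, target type, class); merge perms, names, comms."""
    summary = {}
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        key = (context_type(d["scontext"]), context_type(d["tcontext"]), d["tclass"])
        entry = summary.setdefault(key, {"perms": set(), "names": set(), "comms": set()})
        entry["perms"] |= d["perms"]
        entry["names"].add(d.get("name", "?"))
        entry["comms"].add(d.get("comm", "?"))
    return summary


def suggest_rule(stype, ttype, tclass, perms):
    """audit2allow-style TE rule; a starting point to review, not to apply blindly."""
    return "allow %s %s:%s { %s };" % (stype, ttype, tclass, " ".join(sorted(perms)))


def classify(summary):
    """Split groups into relabel cases (unlabeled targets) and genuine policy gaps."""
    relabel, policy_gap = [], []
    for (stype, ttype, tclass), entry in sorted(summary.items()):
        if ttype in UNLABELED_TYPES:
            relabel.append((stype, ttype, tclass, sorted(entry["names"])))
        else:
            policy_gap.append(suggest_rule(stype, ttype, tclass, entry["perms"]))
    return relabel, policy_gap


if __name__ == "__main__":
    relabel, policy_gap = classify(summarize(SAMPLE_LOG))
    print("Unlabeled objects (relabel the filesystem, e.g. restorecon -R / touch /.autorelabel):")
    for stype, ttype, tclass, names in relabel:
        print("  %s -> %s (%s): %s" % (stype, ttype, tclass, ", ".join(names)))
    print("Candidate policy gaps (review before adding to a local module):")
    for rule in policy_gap:
        print("  " + rule)
```

Running it on the post's log separates the utmp, mtab and fstab denials (all against file_t or unlabeled_t, so a relabel job) from the two denials that actually need policy attention: initrc_t reading the tmpfs_t progress_state file and fsadm_t searching /var. On a real box the input would be the AVC lines from dmesg or /var/log/audit/audit.log rather than the embedded sample.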