Welcome to Linux Forums!

With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.

Linux Forum ArticlesLinux ForumsLinux Forum DownloadsLinux HostsFree MagazinesJobs
Home|Register|FAQ|Member List|Calendar|Unanswered Posts|Forum Rules|Today's Posts|Advanced Search|
SEARCH FOR IN
Go Back   Linux Forums > Your Distro > Redhat / Fedora Linux Help
Reload this Page Help me, i have some trouble with selinux
Linux Forums
Linux Forums
Welcome To The Linux Forums!
Welcome to Linux Forums. We pride ourselves in being one of the largest Linux communities on the web, we encourage you to REGISTER on our forums and participate in the community. There are over 150,000 members ready to answer your questions. JOINING US today will allow you to make new posts, get support, send messages to other members and submit downloads to our downloads directory and many other great features!

Redhat / Fedora Linux Help Help and discussion related to Redhat and Fedora Linux.

Reply
 
Thread Tools Display Modes
Old 04-25-2005   #1 (permalink)
Just Joined!
 
Join Date: Apr 2005
Location: Indonesia
Posts: 1
Send a message via Yahoo to andrie
Help me, i have some trouble with selinux
can anyone help me about selinux, i dont know what wrong with my config at my fedora, i have a message error like this:

audit(1114416727.967:0): avc: denied { search } for pid=3491 exe=/usr/sbin/snmpd name=net dev=proc ino=-268435350 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir
iftop uses obsolete (PF_INET,SOCK_PACKET)

why ?

in the below is info my seting, i hope is enough
[root@golden ~]# ls --context `tty`
crw--w---- root tty user_u:object_r:devpts_t /dev/pts/0

[root@golden ~]# ls -al /etc/selinux/
total 40
drwxr-xr-x 3 root root 4096 Apr 8 02:36 .
drwxr-xr-x 78 root root 12288 Apr 25 15:07 ..
-rw-r--r-- 1 root root 448 Mar 24 15:34 config
drwxr-xr-x 4 root root 4096 Apr 16 12:23 targeted

[root@golden ~]# checkpolicy
checkpolicy: loading policy configuration from policy.conf
checkpolicy: unable to open policy.conf

[root@golden ~]# whereis selinux
selinux: /etc/selinux /usr/include/selinux /usr/share/man/man8/selinux.8.gz

[root@golden selinux]# pwd
/selinux
[root@golden selinux]# ls -al
total 8
drwxr-xr-x 1 root root 0 Apr 25 15:06 .
drwxr-xr-x 34 root root 4096 Apr 25 15:07 ..
-rw-rw-rw- 1 root root 0 Apr 25 15:06 access
dr-xr-xr-x 1 root root 0 Apr 25 15:06 avc
dr-xr-xr-x 1 root root 0 Apr 25 15:06 booleans
--w------- 1 root root 0 Apr 25 15:06 commit_pending_bools
-rw-rw-rw- 1 root root 0 Apr 25 15:06 context
-rw-rw-rw- 1 root root 0 Apr 25 15:06 create
--w------- 1 root root 0 Apr 25 15:06 disable
-rw-r--r-- 1 root root 0 Apr 25 15:06 enforce
-rw------- 1 root root 0 Apr 25 15:06 load
-rw-rw-rw- 1 root root 0 Apr 25 15:06 member
-r--r--r-- 1 root root 0 Apr 25 15:06 mls
crw-rw-rw- 1 root root 1, 3 Apr 25 15:06 null
-r--r--r-- 1 root root 0 Apr 25 15:06 policyvers
-rw-rw-rw- 1 root root 0 Apr 25 15:06 relabel
-rw-rw-rw- 1 root root 0 Apr 25 15:06 user

[root@golden ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

[root@golden ~]# locate selinux
/usr/share/system-config-users/selinux.py
/usr/share/system-config-users/selinux.pyc
/usr/share/man/man8/selinuxenabled.8.gz
/usr/share/man/man8/pam_selinux_check.8.gz
/usr/share/man/man8/pam_selinux.8.gz
/usr/share/man/man8/selinux.8.gz
/usr/share/man/man3/selinux_failsafe_context_path.3.gz
/usr/share/man/man3/selinux_policyroot.3.gz
/usr/share/man/man3/selinux_file_context_path.3.gz
/usr/share/man/man3/selinux_media_context_path.3.gz
/usr/share/man/man3/selinux_binary_policy_path.3.gz
/usr/share/man/man3/selinux_getenforcemode.3.gz
/usr/share/man/man3/selinux_user_contexts_path.3.gz
/usr/share/man/man3/selinux_removable_context_path.3.gz
/usr/share/man/man3/selinux_contexts_path.3.gz
/usr/share/man/man3/selinux_booleans_path.3.gz
/usr/share/man/man3/is_selinux_enabled.3.gz
/usr/share/man/man3/selinux_default_context_path.3.gz
/usr/share/doc/pam-0.77/txts/README.pam_selinux
/usr/share/system-config-securitylevel/selinux.tbl
/usr/share/system-config-securitylevel/selinuxPage.py
/usr/lib/libselinux.so
/usr/lib/libselinux.a
/usr/include/selinux
/usr/include/selinux/get_context_list.h
/usr/include/selinux/context.h
/usr/include/selinux/avc.h
/usr/include/selinux/av_permissions.h
/usr/include/selinux/selinux.h
/usr/include/selinux/get_default_type.h
/usr/include/selinux/flask.h
/usr/include/selinux
/usr/sbin/selinuxenabled
/lib/libselinux.so.1
/lib/security/pam_selinux.so
/etc/sysconfig/selinux
/etc/selinux
/etc/selinux/config
/etc/selinux/targeted
/etc/selinux/targeted/contexts
/etc/selinux/targeted/contexts/userhelper_context
/etc/selinux/targeted/contexts/files
/etc/selinux/targeted/contexts/files/media
/etc/selinux/targeted/contexts/files/file_contexts
/etc/selinux/targeted/contexts/files/file_contexts.pre
/etc/selinux/targeted/contexts/files
/etc/selinux/targeted/contexts/failsafe_context
/etc/selinux/targeted/contexts/users
/etc/selinux/targeted/contexts/users/root
/etc/selinux/targeted/contexts/users
/etc/selinux/targeted/contexts/default_type
/etc/selinux/targeted/contexts/initrc_context
/etc/selinux/targeted/contexts/default_contexts
/etc/selinux/targeted/contexts/removable_context
/etc/selinux/targeted/contexts
/etc/selinux/targeted/booleans
/etc/selinux/targeted/policy
/etc/selinux/targeted/policy/policy.18
/etc/selinux/targeted/policy
/etc/selinux/targeted
/etc/selinux

sorry about that because i'am a newbie, please help me anyone....
ups... i'am forget the one thinks, why i can't write in /proc ?
example: mcedit /proc/sys/net/ipv4/ip_forward the error message is dismiss, why ?

thanks a lot
andrie is offline   Reply With Quote
Old 04-25-2005   #2 (permalink)
Linux Newbie
 
rat007's Avatar
 
Join Date: Jul 2004
Location: Brno
Posts: 230
You're newbie, so why do you use SELinux? It's such a crap! setenforce 0!!
rat007 is offline   Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off
 

Free Magazines
Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe
Systems Management News, the newspaper for IT systems administration and data center managers!
Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe
The Enterprise Newsweekly
eWeek is the essential technology information source for builders of e-business.
subscribe
Oracle Magazine
Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe
Total Telecom
Total Telecom is "The Economist of the communications industry".
subscribe
More free magazines »



All times are GMT. The time now is 07:45 AM.



Contact Us | Advertise | Archive | Top
© 2000 - 2008 - All Rights Reserved - Property of  MAS Media

Content Relevant URLs by vBSEO 3.2.0