Summary: | [selinux] all new files created with null context | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Konstantin Arkhipov (RETIRED) <voxus> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Konstantin Arkhipov (RETIRED)
2006-03-29 06:04:57 UTC
Are you using xfs?

Yes.

    # mount
    /dev/sda2 on / type xfs (rw,noatime)
    none on /selinux type selinuxfs (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    udev on /dev type tmpfs (rw,nosuid)
    devpts on /dev/pts type devpts (rw)
    none on /dev/shm type tmpfs (rw)

    # sestatus -v
    SELinux status:         enabled
    SELinuxfs mount:        /selinux
    Current mode:           permissive
    Policy version:         20

    Policy booleans:
    secure_mode             inactive
    ssh_sysadm_login        inactive
    user_ping               inactive

    Process contexts:
    Current context:        voxus:sysadm_r:sysadm_t
    Init context:           system_u:system_r:init_t
    /sbin/agetty            system_u:system_r:getty_t
    /usr/sbin/sshd          system_u:system_r:sshd_t

    File contexts:
    Controlling term:       voxus:object_r:sysadm_devpts_t
    /sbin/init              system_u:object_r:init_exec_t
    /sbin/agetty            system_u:object_r:getty_exec_t
    /bin/login              system_u:object_r:login_exec_t
    /sbin/rc                system_u:object_r:initrc_exec_t
    /sbin/runscript.sh      system_u:object_r:initrc_exec_t
    /usr/sbin/sshd          system_u:object_r:sshd_exec_t
    /etc/passwd             voxus:object_r:etc_t
    /etc/shadow             system_u:object_r:shadow_t
    /bin/sh                 system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
    /bin/bash               system_u:object_r:shell_exec_t
    /bin/sash               system_u:object_r:shell_exec_t
    /usr/bin/newrole        system_u:object_r:newrole_exec_t
    /lib/libc.so.6          system_u:object_r:lib_t -> system_u:object_r:shlib_t
    /lib/ld-linux.so.2      system_u:object_r:lib_t -> system_u:object_r:ld_so_t

XFS is broken on selinux for 2.6.14 and 2.6.15. It is fixed in 2.6.16. Please see: http://marc.theaimsgroup.com/?l=gentoo-hardened&m=113433863728029&w=2

Yep, just found it too. Thank you.
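The check implied by the resolution above, as an added example that is not part of the bug report: it flags XFS mount points when the kernel release falls in the 2.6.14 or 2.6.15 series named in the comment. The function names and the kernel release string are assumptions made for illustration; the mount table is the one pasted in the report.

```shell
#!/bin/sh
# Added example: audit for the XFS + SELinux combination named in this report.

# Return 0 if the kernel release belongs to the 2.6.14 or 2.6.15 series,
# the versions the report names as broken (2.6.16 is named as fixed).
kernel_affected() {
    case "$1" in
        2.6.14|2.6.14[.-]*|2.6.15|2.6.15[.-]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `mount`-style output on stdin and print the mount point of every
# filesystem of type xfs. Mount points containing spaces are not handled.
xfs_mounts() {
    awk '$2 == "on" && $4 == "type" && $5 == "xfs" { print $3 }'
}

# Print the XFS mount points at risk and return 0 if there are any.
# $1 = kernel release (as from `uname -r`), $2 = `mount` output.
check_xfs_selinux() {
    release=$1
    mounts=$2
    kernel_affected "$release" || return 1
    found=$(printf '%s\n' "$mounts" | xfs_mounts)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Mount table as pasted in the report.
SAMPLE_MOUNTS='/dev/sda2 on / type xfs (rw,noatime)
none on /selinux type selinuxfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
udev on /dev type tmpfs (rw,nosuid)
devpts on /dev/pts type devpts (rw)
none on /dev/shm type tmpfs (rw)'

# Constructed release string; the report does not include `uname -r` output.
SAMPLE_RELEASE='2.6.15-hardened-r1'

if hits=$(check_xfs_selinux "$SAMPLE_RELEASE" "$SAMPLE_MOUNTS"); then
    echo "kernel $SAMPLE_RELEASE: new files on these XFS mounts may be unlabeled: $hits"
fi
```

On a live system, pass `"$(uname -r)"` and `"$(mount)"` as the two arguments.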