alain.toussaint at securivm
Apr 12, 2012, 10:04 PM
Post #3 of 4
(293 views)
Permalink
|
Thanks,
That did the trick but I feel I'm gonna need the selinux 101 guide to
really understand how to handle a selinux system. For the moment, I hooked
up a monitor on the server and installed many software that way but I also
tried your instructions on the ppp daemon (for an ipsec vpn) and it
installed fine while in a ssh session.
Another question I had is; would you (or someone else in Gentoo.org) have a
use for a howto on how to build a selinux enabled active directory system
where all the users and administrative users are located in a samba 4
installation? (only root would have an account in /etc/passwd)
Alain
-----Message d'origine-----
De : Sven Vermeulen [mailto:swift [at] gentoo]
Envoyé : 12 avril 2012 15:57
À : gentoo-hardened [at] lists
Objet : Re: [gentoo-hardened] emerge via ssh doesn't work
On Thu, Apr 12, 2012 at 03:41:50PM -0400, Alain Toussaint wrote:
> I am building a headless server and for the most part,
> now that I have labelled everything (selinux), I am not able to
> continue emerging software via ssh. I know that it is a security
> features but is there something I can change in my setup or else, I’ll
> need to get a monitor for the machine?
Without the failure you get, it is not easy to tell you what to do, but my
guess would be that, once you are logged on to the server, you are in the
staff role:
~# id -Z
root:staff_r:staff_t
In order to use Portage, you need to be in the system administration role,
so first switch roles:
~# newrole -r sysadm_r
Password: <your root password>
~# id -Z
root:sysadm_r:sysadm_t
Now you should be able to run emerge (and other administrative tasks).
Wkr,
Sven Vermeulen
|
