
jvanderstelt at fciautomation
Mar 3, 2005, 2:05 PM
Thanks, fixed the dhcpcd problem.

I did a make relabel, and I am still getting the find /var avc denied.

Yes, unix_chkpwd is installed by pam, but it is installed to /usr/sbin/ instead of /sbin and is not listed when I do a sestatus -v.

On Thu, 2005-03-03 at 13:32 -0600, Simpson, Richard wrote:
> > -----Original Message-----
> > From: Joe Vanderstelt [mailto:jvanderstelt [at] fciautomation]
> > Sent: Thursday, March 03, 2005 11:51 AM
> > To: Stephen Bennett
> > Cc: gentoo-hardened [at] lists
> > Subject: RE: [gentoo-hardened] Won't boot. [Tagged - Possible Spam]
> >
> >
> > ok I got rid of udev
> >
> > I still get these ( the find one is when it is booting and
> > cleaning /var ):
> >
> > Mar 3 09:19:39 aristal audit(1109859574.831:0): avc: denied
> > { read }
> > for pid=3002 exe=/usr/bin/find name=var dev=hda3 ino=126977
> > scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:var_t
> > tclass=dir
> > Mar 3 09:19:42 aristal audit(1109859582.091:0): avc: denied
> > { rename } for pid=3770 exe=/sbin/dhcpcd name=ntp.conf dev=hda3
> > ino=413374 scontext=system_u:system_r:dhcpc_t
> > tcontext=system_u:object_r:etc_t tclass=file
> >
> > and I still can not log in locally, I checked the doc and
> > everything is
> > right except I do not have unix_chkpwd? where does it come from?
>
> You may still have some labeling issues. Try "make relabel" again. To
> allow dhcpcd to update /etc/ntp.conf, pipe the avc denial message to
> audit2allow to generate an allow rule, put it in a new file called
> local.te under policy/domains/misc/, then "make load." I believe
> unix_chkpwd is part of PAM. Try "emerge pam" if it's missing.
>
> Richard.
>
-- gentoo-hardened [at] gentoo mailing list
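Added example, not part of the original thread and not audit2allow's own code: the mapping from an AVC denial to a policy allow rule that the audit2allow suggestion above relies on, run over the two denials quoted in the message. The function names are hypothetical, and the sample assumes each wrapped log record has been joined back onto one line.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials quoted in the post, one record per line.
SAMPLE_LOG = """\
Mar 3 09:19:39 aristal audit(1109859574.831:0): avc: denied { read } for pid=3002 exe=/usr/bin/find name=var dev=hda3 ino=126977 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:var_t tclass=dir
Mar 3 09:19:42 aristal audit(1109859582.091:0): avc: denied { rename } for pid=3770 exe=/sbin/dhcpcd name=ntp.conf dev=hda3 ino=413374 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return (source_type, target_type, class, perms) or None for any other line."""
    m = AVC_RE.search(line)
    if not m or not m.group(1).split():
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        # A context is user:role:type; the type is what policy rules name.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        return src, tgt, fields["tclass"], m.group(1).split()
    except (KeyError, IndexError):
        return None  # truncated or malformed record: skip rather than guess

def allow_rules(log_text, only_source=None):
    """Merge denials into sorted allow rules, optionally for one source type."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or (only_source and rec[0] != only_source):
            continue
        src, tgt, cls, perms = rec
        merged[(src, tgt, cls)].update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {text};")
    return rules

if __name__ == "__main__":
    # Only the dhcpcd denial is turned into a rule for local.te.
    print("\n".join(allow_rules(SAMPLE_LOG, only_source="dhcpc_t")))
```

Filtering on dhcpc_t keeps the find/initrc_t denial, which the reply attributes to labeling, out of the generated policy. The resulting rule grants rename on every file labeled etc_t, not only ntp.conf, which is worth weighing before loading it.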