
Mailing List Archive: Gentoo: Hardened

RE: Won't boot. [Tagged - Possible Spam]

 

 



Richard.Simpson at wgint

Mar 3, 2005, 12:32 PM

Post #1 of 4 (180 views)
RE: Won't boot. [Tagged - Possible Spam]

> -----Original Message-----
> From: Joe Vanderstelt [mailto:jvanderstelt [at] fciautomation]
> Sent: Thursday, March 03, 2005 11:51 AM
> To: Stephen Bennett
> Cc: gentoo-hardened [at] lists
> Subject: RE: [gentoo-hardened] Won't boot. [Tagged - Possible Spam]
>
>
> ok I got rid of udev
>
> I still get these ( the find one is when it is booting and
> cleaning /var ):
>
> Mar 3 09:19:39 aristal audit(1109859574.831:0): avc: denied
> { read }
> for pid=3002 exe=/usr/bin/find name=var dev=hda3 ino=126977
> scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:var_t
> tclass=dir
> Mar 3 09:19:42 aristal audit(1109859582.091:0): avc: denied
> { rename } for pid=3770 exe=/sbin/dhcpcd name=ntp.conf dev=hda3
> ino=413374 scontext=system_u:system_r:dhcpc_t
> tcontext=system_u:object_r:etc_t tclass=file
>
> and I still can not log in locally, I checked the doc and
> everything is
> right except I do not have unix_chkpwd? where does it come from?

You may still have some labeling issues. Try "make relabel" again. To allow dhcpcd to update /etc/ntp.conf, pipe the avc denial message to audit2allow to generate an allow rule, put it in a new file called local.te under policy/domains/misc/, then "make load." I believe unix_chkpwd is part of PAM. Try "emerge pam" if it's missing.

Richard.

--
gentoo-hardened [at] gentoo mailing list
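
What the audit2allow step in the reply above does with the two denials from this thread, as an added Python sketch (not audit2allow's own code and not part of the original posts): each AVC record is reduced to source type, target type, class and permission, and one allow rule is emitted per combination. The log lines are the ones quoted in the thread, re-joined onto single lines.

```python
import re
from collections import defaultdict

# The two denials quoted in the thread, with the e-mail line wraps removed.
SAMPLE_LOG = """\
Mar 3 09:19:39 aristal audit(1109859574.831:0): avc: denied { read } for pid=3002 exe=/usr/bin/find name=var dev=hda3 ino=126977 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:var_t tclass=dir
Mar 3 09:19:42 aristal audit(1109859582.091:0): avc: denied { rename } for pid=3770 exe=/sbin/dhcpcd name=ntp.conf dev=hda3 ino=413374 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def _type(context):
    """Return the type field of a user:role:type context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    source = _type(fields.get("scontext", ""))
    target = _type(fields.get("tcontext", ""))
    if not (source and target and "tclass" in fields):
        return None
    return {"perms": m.group(1).split(), "source": source, "target": target,
            "tclass": fields["tclass"], "exe": fields.get("exe", "?")}

def allow_rules(log_text):
    """Merge denials by (source, target, class) and render allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc:
            merged[(avc["source"], avc["target"], avc["tclass"])].update(avc["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE_LOG):
        print(rule)
```

The rule generated for dhcpc_t applies to every file labelled etc_t, not only ntp.conf, so read each rule before adding it to local.te.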


jvanderstelt at fciautomation

Mar 3, 2005, 2:05 PM

Post #2 of 4 (172 views)
RE: Won't boot. [Tagged - Possible Spam] [In reply to]

Thanks, fixed the dhcpcd problem.

I did a make relabel, and I am still getting the find /var avc denied

yes unix_chkpwd is installed by pam but it is installed to /usr/sbin/
instead of /sbin and is not listed when I do a sestatus -v.

On Thu, 2005-03-03 at 13:32 -0600, Simpson, Richard wrote:
> > -----Original Message-----
> > From: Joe Vanderstelt [mailto:jvanderstelt [at] fciautomation]
> > Sent: Thursday, March 03, 2005 11:51 AM
> > To: Stephen Bennett
> > Cc: gentoo-hardened [at] lists
> > Subject: RE: [gentoo-hardened] Won't boot. [Tagged - Possible Spam]
> >
> >
> > ok I got rid of udev
> >
> > I still get these ( the find one is when it is booting and
> > cleaning /var ):
> >
> > Mar 3 09:19:39 aristal audit(1109859574.831:0): avc: denied
> > { read }
> > for pid=3002 exe=/usr/bin/find name=var dev=hda3 ino=126977
> > scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:var_t
> > tclass=dir
> > Mar 3 09:19:42 aristal audit(1109859582.091:0): avc: denied
> > { rename } for pid=3770 exe=/sbin/dhcpcd name=ntp.conf dev=hda3
> > ino=413374 scontext=system_u:system_r:dhcpc_t
> > tcontext=system_u:object_r:etc_t tclass=file
> >
> > and I still can not log in locally, I checked the doc and
> > everything is
> > right except I do not have unix_chkpwd? where does it come from?
>
> You may still have some labeling issues. Try "make relabel" again. To allow dhcpcd to update /etc/ntp.conf, pipe the avc denial message to audit2allow to generate an allow rule, put it in a new file called local.te under policy/domains/misc/, then "make load." I believe unix_chkpwd is part of PAM. Try "emerge pam" if it's missing.
>
> Richard.
>

--
gentoo-hardened [at] gentoo mailing list


spb at gentoo

Mar 3, 2005, 2:14 PM

Post #3 of 4 (174 views)
RE: Won't boot. [Tagged - Possible Spam] [In reply to]

On Thu, 2005-03-03 at 16:05 -0500, Joe Vanderstelt wrote:
> Thanks, fixed the dhcpcd problem.
>
> I did a make relabel, and I am still getting the find /var avc denied
>
> yes unix_chkpwd is installed by pam but it is installed to /usr/sbin/
> instead of /sbin and is not listed when I do a sestatus -v.

A recent pam update changed the location of it again. Edit
file_contexts/program/chkpwd.fc, and add a (/usr)? to the start of the
unix_chkpwd line. Then make load, and rlpkg pam.


--
gentoo-hardened [at] gentoo mailing list
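
Why the `(/usr)?` prefix suggested above matters, as an added Python sketch that is not part of the original posts: file_contexts patterns are regexes matched against the whole path, so an entry written for /sbin does not label a binary installed under /usr/sbin. The entry text, the type names chkpwd_exec_t and sbin_t, and the generic sbin entries are assumptions, since the thread does not quote the file; "last match wins" is a simplification of how the real tools order entries.

```python
import re

# Assumed unix_chkpwd entry before and after the edit (not quoted in the thread).
BEFORE = "/sbin/unix_chkpwd\t--\tsystem_u:object_r:chkpwd_exec_t"
AFTER = "(/usr)?/sbin/unix_chkpwd\t--\tsystem_u:object_r:chkpwd_exec_t"

# Assumed generic entries that catch everything else in the sbin directories.
GENERIC = [
    "/sbin(/.*)?\tsystem_u:object_r:sbin_t",
    "/usr/sbin(/.*)?\tsystem_u:object_r:sbin_t",
]

def parse_fc_line(line):
    """Split 'regex [--type-flag] context' into (regex, flag, context)."""
    fields = line.split()
    if len(fields) == 2:
        pattern, flag, context = fields[0], None, fields[1]
    elif len(fields) == 3:
        pattern, flag, context = fields
    else:
        raise ValueError("not a file_contexts entry: %r" % line)
    return re.compile(pattern), flag, context

def label_for(path, fc_lines, default="<no entry>"):
    """Return the context of the last entry whose regex matches the full path."""
    result = default
    for line in fc_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        regex, _flag, context = parse_fc_line(line)
        if regex.fullmatch(path):  # whole-path match, as file_contexts requires
            result = context
    return result

if __name__ == "__main__":
    for name, entry in (("before", BEFORE), ("after", AFTER)):
        for path in ("/sbin/unix_chkpwd", "/usr/sbin/unix_chkpwd"):
            print(name, path, label_for(path, GENERIC + [entry]))
```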


jvanderstelt at fciautomation

Mar 3, 2005, 2:53 PM

Post #4 of 4 (171 views)
RE: Won't boot. [Tagged - Possible Spam] [In reply to]

I can log in now :-)

I have always liked Gentoo, I really appreciate how helpful everyone is.
Thank you everyone.

On Thu, 2005-03-03 at 21:14 +0000, Stephen Bennett wrote:
> On Thu, 2005-03-03 at 16:05 -0500, Joe Vanderstelt wrote:
> > Thanks, fixed the dhcpcd problem.
> >
> > I did a make relabel, and I am still getting the find /var avc denied
> >
> > yes unix_chkpwd is installed by pam but it is installed to /usr/sbin/
> > instead of /sbin and is not listed when I do a sestatus -v.
>
> A recent pam update changed the location of it again. Edit
> file_contexts/program/chkpwd.fc, and add a (/usr)? to the start of the
> unix_chkpwd line. Then make load, and rlpkg pam.
>
>

--
gentoo-hardened [at] gentoo mailing list
