[ubuntu-hardened] refpolicy

gdsm at tgfslp.dalmany.co.uk gdsm at tgfslp.dalmany.co.uk
Mon Aug 4 21:59:51 BST 2008


I have been looking at using the refpolicy from tresys.com as Ubuntu only
has a policy for cups.  I am not sure if their is anyone on the list who
can help.

Ubuntu hardy
linux from www.kernel.org with SELinux enabled.

At bootup, I get the following
Aug  3 22:19:07 hp-laptop kernel: [    8.035418] type=1400
3): avc:  denied  { search } for  pid=869 comm="hotplug" name="/" dev=hda1
 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:default_t

I know this is only hotplug, but I get quite a few with
obviously my / is labelled system_u:object_r:default_t as shown below

ls -Za /
    system_u:object_r:default_t .
    system_u:object_r:default_t ..

Another example is syslog
Aug  3 22:38:30 hp-laptop kernel: [ 1201.056587] type=1400
audit(1217799510.147:457): avc:  denied  { search } for  pid=3821
comm="klogd" name="/" dev=hda1 ino=2 scontext=system_u:system_r:klogd_t
tcontext=system_u:object_r:default_t tclass=dir
Aug  3 22:38:30 hp-laptop kernel: [ 1201.056672] type=1400
audit(1217799510.147:458): avc:  denied  { search } for  pid=3756
comm="syslogd" name="/" dev=hda1 ino=2
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:default_t

This means when I enforce, nothing is logged.

I am presuming I do not have / labelled correctly.

What should the correct label be please?

If you need any other information, please ask.

Many thanks,


More information about the ubuntu-hardened mailing list