[ubuntu-hardened] refpolicy
gdsm at tgfslp.dalmany.co.uk
Mon Aug 4 21:59:51 BST 2008
Hello,
I have been looking at using the refpolicy from tresys.com as Ubuntu only
has a policy for cups. I am not sure if there is anyone on the list who
can help.
Ubuntu hardy
linux 2.6.25.10 from www.kernel.org with SELinux enabled.
At bootup, I get the following
Aug 3 22:19:07 hp-laptop kernel: [ 8.035418] type=1400 audit(1217798318.515:3): avc: denied { search } for pid=869 comm="hotplug" name="/" dev=hda1 ino=2 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:default_t tclass=dir
I know this is only hotplug, but I get quite a few with
name="/"
and
tcontext=system_u:object_r:default_t
Obviously my / is labelled system_u:object_r:default_t, as shown below:
ls -Za /
system_u:object_r:default_t .
system_u:object_r:default_t ..
<snip>
Another example is syslog
Aug 3 22:38:30 hp-laptop kernel: [ 1201.056587] type=1400 audit(1217799510.147:457): avc: denied { search } for pid=3821 comm="klogd" name="/" dev=hda1 ino=2 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:default_t tclass=dir
Aug 3 22:38:30 hp-laptop kernel: [ 1201.056672] type=1400 audit(1217799510.147:458): avc: denied { search } for pid=3756 comm="syslogd" name="/" dev=hda1 ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:default_t tclass=dir
This means when I enforce, nothing is logged.
I am presuming I do not have / labelled correctly.
What should the correct label be please?
If you need any other information, please ask.
Many thanks,
Spencer
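
An added example, not part of the original message: a small Python parser for AVC denial records like the ones quoted in this post, which tolerates records a mail client has wrapped across lines and groups the denials by the object they hit. The function names are hypothetical, and the sample input is constructed from the log lines in the message.

```python
import re
from collections import defaultdict

# Constructed sample: the three AVC records from the message, left wrapped
# across lines the way the mail archive shows them.
SAMPLE = '''Aug 3 22:19:07 hp-laptop kernel: [ 8.035418] type=1400
audit(1217798318.515:
3): avc: denied { search } for pid=869 comm="hotplug" name="/" dev=hda1
ino=2
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:default_t
tclass=dir
Aug 3 22:38:30 hp-laptop kernel: [ 1201.056587] type=1400
audit(1217799510.147:457): avc: denied { search } for pid=3821
comm="klogd" name="/" dev=hda1 ino=2 scontext=system_u:system_r:klogd_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 3 22:38:30 hp-laptop kernel: [ 1201.056672] type=1400
audit(1217799510.147:458): avc: denied { search } for pid=3756
comm="syslogd" name="/" dev=hda1 ino=2
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:default_t
tclass=dir
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial, tolerating records wrapped over lines."""
    records = []
    # Each record in the sample starts at its "type=1400" marker.
    for chunk in text.split('type=1400')[1:]:
        flat = ' '.join(chunk.split())          # undo the line wrapping
        m = AVC_RE.search(flat)
        if not m:
            continue                            # not an AVC denial
        rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
        rec['perms'] = m.group(1).split()
        records.append(rec)
    return records

def group_by_target(records):
    """Map (tcontext, tclass, name, dev, ino) -> sorted source domain types."""
    groups = defaultdict(set)
    for r in records:
        key = (r['tcontext'], r['tclass'], r['name'], r['dev'], r['ino'])
        groups[key].add(r['scontext'].split(':')[2])
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == '__main__':
    for target, domains in group_by_target(parse_avc(SAMPLE)).items():
        print(target, '<-', ', '.join(domains))
```

Run over a full boot log, a single target key collecting many unrelated source domains points at one mislabelled object rather than at a missing rule for each domain.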