| View previous topic :: View next topic |
| Author |
Message |
mitschel
Tux's lil' helper
Joined: 21 Jan 2005
Posts: 138
Location: Germany
|
 Posted: Sat Dec 20, 2008 1:30 am Post subject: SELinux rlpkg -a -r Operation not permitted [solved] |
 |
|
Im pretty new to the selinux topic. So I followd the Gentoo SELinux Handbook to install and test.
But the command rlpkg -r -a says unable to relabel
| Code: |
.
.
.
/usr/portage/metadata/cache/dev-python/pythondialog-2.7: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/portage/metadata/cache/dev-python/pythondialog-2.7 to system_u:object_r:portage_ebuild_t
/usr/portage/metadata/cache/dev-python/twisted-words-0.4.0: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/portage/metadata/cache/dev-python/twisted-words-0.4.0 to system_u:object_r:portage_ebuild_t
/usr/portage/metadata/cache/dev-python/pyparted-1.8.9: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/portage/metadata/cache/dev-python/pyparted-1.8.9 to system_u:object_r:portage_ebuild_t
/usr/portage/metadata/cache/dev-python/pastedeploy-1.3.1: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/portage/metadata/cache/dev-python/pastedeploy-1.3.1 to system_u:object_r:portage_ebuild_t
/usr/portage/metadata/cache/dev-python/tg-widgets-lightbox-2.0: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/portage/metadata/cache/dev-python/tg-widgets-lightbox-2.0 to system_u:object_r:portage_ebuild_t
/usr/portage/metadata/cache/dev-python/python-yadis-1.1.0: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/portage/metadata/cache/dev-python/python-yadis-1.1.0 to system_u:object_r:portage_ebuild_t
.
.
.
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_dbtables.py to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_misc.pyc: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_misc.pyc to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_dbtables.pyc: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_dbtables.pyc to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_basics.py: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_basics.py to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_all.pyc: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_all.pyc to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_lock.pyo: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_lock.pyo to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_dbtables.pyo: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_dbtables.pyo to system_u:object_r:lib_t
/usr/lib/python2.4/bsddb/test/test_thread.pyc: Operation not supported
/usr/sbin/setfiles: unable to relabel /usr/lib/python2.4/bsddb/test/test_thread.pyc to system_u:object_r:lib_t
.
.
.
/tmp: Operation not supported
/usr/sbin/setfiles: unable to relabel /tmp to system_u:object_r:tmp_t
matchpathcon_filespec_eval: hash table stats: 217921 elements, 61181/65536 buckets used, longest chain length 8
/usr/sbin/setfiles: Done.Scanning for shared libraries with text relocations...
Not relabeling /lib/udev/edd_id because it is unlabeled_t.
Not relabeling /lib/udev/create_floppy_devices because it is unlabeled_t.
Not relabeling /lib/udev/usb_id because it is unlabeled_t.
Not relabeling /lib/udev/cdrom_id because it is unlabeled_t.
Not relabeling /lib/udev/scsi_id because it is unlabeled_t.
Not relabeling /lib/udev/vol_id because it is unlabeled_t.
Not relabeling /lib/udev/ata_id because it is unlabeled_t.
Not relabeling /usr/lib/gettext/urlget because it is unlabeled_t.
8 libraries with text relocations, 8 not relabeled.
Some files were not relabeled! This is not necessarily bad,
but may indicate a labeling problem, since what is detected as
a library is not already labeled with a library type.
If you just relabeled the entire filesystem, please report
this in the #gentoo-hardened IRC channel, the
gentoo-hardened mail list, or Gentoo bugzilla.
Scanning for PIE binaries with text relocations...
PIE executable /sbin/udevadm has text relocations!
PIE executable /sbin/udevd has text relocations!
PIE executable /usr/bin/xgettext has text relocations!
PIE executable /usr/bin/msginit has text relocations!
PIE executable /usr/bin/msggrep has text relocations!
PIE executable /usr/bin/recode-sr-latin has text relocations!
PIE executable /usr/bin/gettext has text relocations!
PIE executable /usr/bin/msgfmt has text relocations!
PIE executable /usr/bin/pcretest has text relocations!
PIE executable /usr/bin/msgmerge has text relocations!
PIE executable /usr/bin/envsubst has text relocations!
PIE executable /usr/bin/ngettext has text relocations!
PIE executable /usr/bin/msgunfmt has text relocations!
PIE executable /usr/bin/msguniq has text relocations!
14 binaries with text relocations detected.
|
So I have completly unlabeled ext3 filesystem.
| Code: |
drwxr-xr-x+ 2 root root system_u:object_r:unlabeled_t 4096 Dec 19 14:03 bin
drwxr-xr-x+ 3 root root system_u:object_r:unlabeled_t 4096 Dec 20 04:00 boot
drwxr-xr-x+ 12 root root system_u:object_r:device_t 13620 Dec 20 06:42 dev
drwxr-xr-x+ 33 root root system_u:object_r:unlabeled_t 4096 Dec 20 07:27 etc
drwxr-xr-x+ 3 root root system_u:object_r:unlabeled_t 4096 Dec 19 19:47 home
drwxr-xr-x+ 8 root root system_u:object_r:unlabeled_t 4096 Dec 19 18:02 lib
drwxr-xr-x+ 3 root root system_u:object_r:unlabeled_t 4096 Dec 19 04:40 mnt
drwxr-xr-x+ 2 root root system_u:object_r:unlabeled_t 4096 Apr 25 2008 opt
dr-xr-xr-x+ 57 root root system_u:object_r:proc_t 0 Dec 20 06:41 proc
drwx------+ 4 root root system_u:object_r:unlabeled_t 4096 Dec 19 19:39 root
drwxr-xr-x+ 2 root root system_u:object_r:unlabeled_t 4096 Dec 20 01:36 sbin
drwxr-xr-x+ 7 root root system_u:object_r:security_t 0 Dec 20 06:41 selinux
drwxr-xr-x+ 11 root root system_u:object_r:sysfs_t 0 Dec 20 06:41 sys
drwxrwxrwt+ 5 root root system_u:object_r:unlabeled_t 4096 Dec 20 07:47 tmp
drwxr-xr-x+ 13 root root system_u:object_r:unlabeled_t 4096 Dec 20 07:47 usr
drwxr-xr-x+ 12 root root system_u:object_r:unlabeled_t 4096 Apr 25 2008 var
|
As far as I understand this hole thing, there is something wrong.
Can somebody help me?
| Code: |
emerge --info
Portage 2.1.4.5 (selinux/2007.0/x86/hardened, gcc-3.4.6, glibc-2.6.1-r0, 2.6.25-hardened-r10 i686)
=================================================================
System uname: 2.6.25-hardened-r10 i686 Intel(R) Pentium(R) III Mobile CPU 750MHz
Timestamp of tree: Sat, 20 Dec 2008 01:03:01 +0000
distcc 3.0 i686-pc-linux-gnu [disabled]
app-shells/bash: 3.2_p33
dev-lang/python: 2.4.4-r6, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.61-r2
sys-devel/automake: 1.10.1-r1
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium3 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O3 -march=pentium3 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildpkg distlocks loadpolicy metadata-transfer sandbox selinux sesandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="berkdb crypt hardened mmx ncurses pam perl pic python readline selinux snmp ssl tcpd x86 xml" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
|
Last edited by mitschel on Sat Dec 20, 2008 8:11 am; edited 1 time in total |
|
| Back to top |
|
 |
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21631
|
| Posted: Sat Dec 20, 2008 4:09 am Post subject: |
|
|
| SELinux needs some extra functionality enabled in the filesystem. Did you enable EXT3_FS_SECURITY? What is the output of zgrep EXT /proc/config.gz? |
|
| Back to top |
|
|
mitschel
Tux's lil' helper
Joined: 21 Jan 2005
Posts: 138
Location: Germany
|
| Posted: Sat Dec 20, 2008 8:10 am Post subject: |
|
|
| That did the trick. Thank you! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
