
Fw: selinux question on debian lenny



Hi debian security people,


based on this document, http://wiki.debian.org/SELinux/Setup, I tried to install Selinux on Debian Lenny.


I posted the message below to the debian user list, but nobody answered it.


I've also noticed that whenever I enforce selinux, my postgresql database server can't be started at boot. I really would like to enable selinux properly and be able to use my systems as database and application server.


Thanks in advance.

Dino


--- On Sat, 2/6/10, Dino Vliet <dino_vliet@yahoo.com> wrote:

From: Dino Vliet <dino_vliet@yahoo.com>
Subject: selinux question on debian lenny
To: debian-user@lists.debian.org
Date: Saturday, February 6, 2010, 3:08 PM

Hi all,

I installed debian lenny with Xfs as its filesystem (in raid-1) and went on to install java (openjdk). This system also has a postgresql database server installation.

I tried to enable selinux by following the steps on this wiki:
http://wiki.debian.org/SELinux/Setup

However, after step 5 in that sequence ("Run check-selinux-installation to check that everything has been setup correctly and to catch common SELinux problems. (Note: old-style-ptys aren't serious.)"), I got the following message:

FSCKFIX is not enabled - not serious, but could prevent system from booting

1) What is causing this and how can I correct it?

2) The next thing I did was to check my syslog. The last part of it says:

Feb  6 14:52:48 biserver kernel: [   91.461220] __ratelimit: 12 messages suppressed
Feb  6 14:52:48 biserver kernel: [   91.461224] type=1401 audit(1265464368.175:41): security_compute_sid:  invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:xserver_exec_t:s0 tclass=process
Feb  6 14:52:48 biserver kernel: [   91.716479] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:48 biserver acpid: client connected from 3448[0:0]
Feb  6 14:52:50 biserver kernel: [   93.801395] type=1401 audit(1265464370.515:42): security_compute_sid:  invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
Feb  6 14:52:50 biserver kernel: [   93.817255] type=1401 audit(1265464370.531:43): security_compute_sid:  invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
Feb  6 14:52:51 biserver kernel: [   94.365592] type=1401 audit(1265464371.079:44): security_compute_sid:  invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
Feb  6 14:52:51 biserver kernel: [   94.372334] type=1401 audit(1265464371.087:45): security_compute_sid:  invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
Feb  6 14:52:52 biserver kernel: [   95.820411] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:53 biserver kernel: [   96.392035] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:53 biserver kernel: [   96.500011] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:53 biserver kernel: [   97.145973] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:54 biserver kernel: [   98.193879] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:56 biserver kernel: [   99.888604] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:56 biserver kernel: [  100.276146] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:57 biserver kernel: [  100.549781] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:57 biserver kernel: [  100.696083] type=1400 audit(1265464377.411:46): avc:  denied  { search } for  pid=2562 comm="dbus-daemon" name="3488" dev=proc ino=13750 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
Feb  6 14:52:57 biserver kernel: [  100.696128] type=1400 audit(1265464377.411:47): avc:  denied  { read } for  pid=2562 comm="dbus-daemon" name="cmdline" dev=proc ino=13751 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
Feb  6 14:52:57 biserver kernel: [  100.804317] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:52:57 biserver kernel: [  101.253089] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:02 biserver kernel: [  105.743291] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:08 biserver kernel: [  111.857588] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:08 biserver kernel: [  111.904995] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:09 biserver kernel: [  113.069960] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:10 biserver kernel: [  113.948280] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:34 biserver kernel: [  137.596125] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:34 biserver kernel: [  137.620644] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:53:34 biserver kernel: [  137.772816] SELinux:  context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid
Feb  6 14:56:14 biserver ntpd[3270]: synchronized to 82.94.235.106, stratum 2

I have seen that my system didn't start xdm, though. I was thrown to the command line. But doing a startx brought my xfce4 desktop in front of me. But how can I enable xdm? And does that have something to do with the errors I'm seeing in syslog?

3) Do I have to load extra policies if I'm planning to install packages like tomcat? How do I accomplish that?

Thanks in advance,
Dino



