Re: [gentoo-hardened] Switching hardened amd64 to SELinux

2012-02-19 Thread Sven Vermeulen
On Sat, Feb 18, 2012 at 11:13:36AM +0100, Tomáš Dobrovolný wrote: > I have installed new machine using > http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml . > Everything was in order. But when I restart in "full function SELinux" > in permissive mode in my log are following avc er

Re: [gentoo-hardened] Switching hardened amd64 to SELinux

2012-02-19 Thread Tomáš Dobrovolný
On 19.2.2012 09:55, Sven Vermeulen wrote: > On Sat, Feb 18, 2012 at 11:13:36AM +0100, Tomáš Dobrovolný wrote: >> I have installed new machine using >> http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml . >> Everything was in order. But when I restart in "full function SELinux"

Re: [gentoo-hardened] Firefox won't compile on hardened profile

2012-02-19 Thread Tóth Attila
There's a snippet in your ebuild: "append-flags -mno-avx" What is the problem with AVX? Is it an option that counteracts security? Regards: Dw. -- Dr. Tóth Attila, Radiologist, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057 On 2012 February 15 (Wed) 18:10, Hinnerk van Bruineh

Re: [gentoo-hardened] Firefox won't compile on hardened profile

2012-02-19 Thread Grant
> There's a snippet in your ebuild: > "append-flags -mno-avx" > > What is the problem with AVX? Is it an option that counteracts security? I'm sorry, but I'm not sure what you mean. Should I change the firefox ebuild? - Grant >>> Firefox won't compile on my system due to the issue >>>

Re: [gentoo-hardened] Firefox won't compile on hardened profile

2012-02-19 Thread Tóth Attila
The email I replied to was originally posted by "Hinnerk van Bruinehsen". Let's see my question in details, that might clarify it. Here is the part of the ebuild I'm asking questions about: " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags -fno-stack-protector

Re: [gentoo-hardened] Firefox won't compile on hardened profile

2012-02-19 Thread Grant
> The email I replied to was originally posted by "Hinnerk van Bruinehsen". Crazy, gmail is acting like it was in response to my message about compiling firefox. Sorry about that. - Grant > Let's see my question in details, that might clarify it. Here is the part > of the ebuild I'm asking que

Re: [gentoo-hardened] Switching hardened amd64 to SELinux

2012-02-19 Thread Sven Vermeulen
On Sun, Feb 19, 2012 at 10:07:26AM +0100, Tomáš Dobrovolný wrote: > I had enabled the initrd/initramfs parts in my kernel configuration, > but I don't use it to boot my system. I'll try to disable it completely and > see. In that case, your /dev/console is mislabeled, and you are currently ru

[gentoo-hardened] permission problem in /etc

2012-02-19 Thread Alain Toussaint
Hello, While troubleshooting my server in enforcing mode, I have come across many files and directories in /etc which are not labelled and thus I am getting permission denied while using the root account: johnson ~ # ls -Z /etc/ | grep "(null)" ls: cannot access /etc/rsyncd.conf: Permission

Re: [gentoo-hardened] Firefox won't compile on hardened profile

2012-02-19 Thread Hinnerk van Bruinehsen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19.02.2012 20:06, "Tóth Attila" wrote: > The email I replied to was originally posted by "Hinnerk van > Bruinehsen". > > Let's see my question in details, that might clarify it. Here is > the part of the ebuild I'm asking questions about: > > " if

Re: [gentoo-hardened] permission problem in /etc

2012-02-19 Thread prometheanfire
On Sun, 19 Feb 2012 16:18:12 -0500 "Alain Toussaint" wrote: > which are not labelled and thus I > am getting permission denied while using the root account: > > johnson ~ # ls -Z /etc/ | grep "(null)" > ls: cannot access /etc/rsyncd.conf: Permission denied What is the output of 'id -Z' -- M

Re: [gentoo-hardened] permission problem in /etc

2012-02-19 Thread Sven Vermeulen
On Sun, Feb 19, 2012 at 04:18:12PM -0500, Alain Toussaint wrote: > While troubleshooting my server in enforcing mode, I have come > across many files and directories in /etc which are not labelled and thus I > am getting permission denied while using the root account: [...] Using rlpkg -a -r

RE: [gentoo-hardened] permission problem in /etc

2012-02-19 Thread Alain Toussaint
> What is the output of 'id -Z' johnson ~ # id -Z root:staff_r:staff_t:s0-s0:c0.c1023 Alain

Re: [gentoo-hardened] Firefox won't compile on hardened profile

2012-02-19 Thread Tóth Attila
Thanks for the link! It's clear now. You need a recent CPU and a recent gcc to trigger this. -- Dr. Tóth Attila, Radiologist, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057 On 2012 February 19 (Sun) 23:01, Hinnerk van Bruinehsen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash

RE: [gentoo-hardened] permission problem in /etc

2012-02-19 Thread Alain Toussaint
<<< Using rlpkg -a -r should work, but only as long as the domain you run in has the privileges to relabel to begin with. Most of the time, if no label is set, it means that the system was once set up without SELinux running and "rlpkg -a -r" hasn't been run since. My best bet here would be to

Re: [gentoo-hardened] Switching hardened amd64 to SELinux

2012-02-19 Thread Tomáš Dobrovolný
On 19.2.2012 21:51, Sven Vermeulen wrote: > On Sun, Feb 19, 2012 at 10:07:26AM +0100, Tomáš Dobrovolný wrote: > In that case, your /dev/console is mislabeled, and you are currently running > with dontaudits disabled (the many rlimitinh and other privilege attempts > that are by default not aud