Re: weird dyntransition issue


 



On Sun, 2012-03-25 at 18:11 +0100, Mr Dash Four wrote:
> > What does audit2why say?
> >   
> Well, not what I expected :-\ :
> 
> -bash-4.1# audit2why < /var/log/audit/audit.log
> Traceback (most recent call last):
>   File "/usr/bin/audit2allow", line 24, in <module>
>     import sepolgen.policygen as policygen
>   File "/usr/lib/python2.6/site-packages/sepolgen/policygen.py", line 33, in <module>
>     from setools import *
> ImportError: No module named setools

ouch

> So, I guess I have to transfer my audit.log on a machine which does have 
> setools (python) installed (the one I am getting this on is my dmz 
> server, so it is pretty constrained).
> 
> > Some shots in the dark:
> >
> > # get past dyntransition kiddy lock
> > domain_dyntrans_type(sshd_t)
> >
> > # get past subject identity change kiddy lock
> > domain_subj_id_change_exemption(sshd_t)
> >
> > # get past role change kiddy lock
> > domain_role_change_exemption(sshd_t)
> >   
> I'll try these, thanks Dominick! I'll introduce these one by one as 
> tunables and see what works.
> 
> Could it be that the new version of openssh introduced these new hooks, 
> which were not present in older versions? To me this whole issue is 
> caused entirely by openssh.
> 

Not likely, I am not sure though.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
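
For a host where audit2why cannot run because setools is missing, as in the traceback quoted above, the raw AVC records can still be triaged with the standard library alone. The following is an added example, not code from the thread or from the SELinux project; the log lines are constructed, and the script only summarizes denials (it cannot say why the policy denied them, which needs the policy itself). For `dyntransition` denials it reports which of user, role and type differ between source and target context, the three changes the suggested macros refer to.

```python
import re
from collections import Counter

# Constructed sample records (not from the thread), in the kernel's AVC format.
SAMPLE_LOG = '''\
type=AVC msg=audit(1332695460.101:310): avc:  denied  { dyntransition } for  pid=2101 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
type=AVC msg=audit(1332695460.105:311): avc:  denied  { read write } for  pid=2101 comm="sshd" name="ptmx" dev=devtmpfs ino=1137 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1332695460.105:311): arch=c000003e syscall=2 success=no exit=-13 comm="sshd"
type=AVC msg=audit(1332695471.220:329): avc:  denied  { dyntransition } for  pid=2140 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def split_context(ctx):
    """Split user:role:type[:mls]; the MLS range may itself contain colons."""
    user, role, typ, *_mls = ctx.split(':', 3)
    return user, role, typ

def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records are skipped
        s_type = split_context(m['scon'])[2]
        t_type = split_context(m['tcon'])[2]
        for perm in m['perms'].split():
            counts[(s_type, t_type, m['tclass'], perm)] += 1
    return counts

def identity_changes(lines):
    """For process dyntransition denials, report which of user/role/type differ."""
    out = set()
    for line in lines:
        m = AVC_RE.search(line)
        if m and m['tclass'] == 'process' and 'dyntransition' in m['perms'].split():
            src, dst = split_context(m['scon']), split_context(m['tcon'])
            out.add(tuple(n for n, a, b in zip(('user', 'role', 'type'), src, dst) if a != b))
    return out

if __name__ == '__main__':
    for key, n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(n, *key)
    print(identity_changes(SAMPLE_LOG.splitlines()))
```

To use it on a real log, pass `open('/var/log/audit/audit.log')` to either function in place of the sample lines.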


