On Thu, 23 Jun 2005 02:13:35 -0600 Jason K Larson <[EMAIL PROTECTED]> wrote:
> I am fairly new to selinux and while I have a seemingly working
> install, when it's in enforcing mode I get errors trying to sync other
> gentoo boxes portage tree, like:
>
> Jun 23 01:35:21 yorke rsyncd[18130]: chroot /usr/portage failed:
> Permission denied

Try something like:

    r_dir_file(rsyncd_t, portage_ebuild_t)

> It's the only error I can see anywhere about it, and I can't seem to
> locate any log of the selinux denial, neither while in enforcing or
> in permissive. However in permissive mode, the sync works as
> expected.
>
> I can see some grsec denials (not related to rsyncd) in
> /var/log/grsec.log (running syslog-ng, btw) but nothing selinux
> related in /var/log/kern.log or /var/log/messages and from what I
> have read thus far I am certain that I should be getting something.
> kern.log and messages both contain "security:" entries when I load a
> new selinux policy. Is there just some verbosity flag I missed so I
> can start logging these denials?

Kernel config -> General Setup -> Auditing support.

> I thought perhaps I needed to reload the rsync selinux policy and was
> surprised there wasn't one to be found, not installed or in portage,
> unless it's wrapped up in the base policy. Am I missing something? I
> see policies for distcc and bind amongst many others, but nothing for
> rsync?

It's in selinux-base-policy.

> How can I go about resolving this, and I mean that more like, I'd
> greatly appreciate learning how, not just waltzing through some blind
> steps. Sorry if I threw too much out there at once, but that much
> for any advice.

BTW, this should probably be on the gentoo-hardened list rather than this one -- support for hardened gentoo projects generally belongs there.
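Added example, not part of the original thread: once auditing support is enabled and denials reach kern.log, each `avc: denied` record names the source type, target type, object class and permissions, which is what a policy rule is written from. The log lines below are constructed for illustration (the actual denial behind the chroot error is not shown in the thread), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel AVC message format; not taken from the thread.
SAMPLE_LOG = """\
Jun 23 01:35:21 yorke kernel: audit(1119512121.412:0): avc:  denied  { search } for  pid=18130 comm="rsync" name="portage" dev=hda3 ino=4711 scontext=system_u:system_r:rsyncd_t tcontext=system_u:object_r:portage_ebuild_t tclass=dir
Jun 23 01:35:21 yorke kernel: security:  3 users, 6 roles, 1200 types, 20 bools
Jun 23 01:35:22 yorke kernel: audit(1119512122.007:0): avc:  denied  { read getattr } for  pid=18130 comm="rsync" name="Manifest" dev=hda3 ino=4712 scontext=system_u:system_r:rsyncd_t tcontext=system_u:object_r:portage_ebuild_t tclass=file
Jun 23 01:35:23 yorke kernel: audit(1119512123.100:0): avc:  denied  { getattr } for  pid=18130 comm="rsync" name="portage" dev=hda3 ino=4711 scontext=system_u:system_r:rsyncd_t tcontext=system_u:object_r:portage_ebuild_t tclass=dir
"""

# Permissions sit inside { ... }; contexts and class follow as key=value pairs.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:mls] security context."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Collect denied permissions keyed by (source type, target type, class)."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # e.g. the "security:" policy-load lines
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return denials

def to_allow_rules(denials):
    """Render one candidate allow rule per (source, target, class) group."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(denials.items())
    ]

if __name__ == "__main__":
    for rule in to_allow_rules(parse_denials(SAMPLE_LOG)):
        print(rule)
```

The output is a list of candidate rules to review against the policy, in the manner of `audit2allow`; a policy macro can cover several such rules at once.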
