On Mon, 2008-07-07 at 16:18 -0400, David L Durant (Mags) wrote:
> On Mon, 2008-07-07 14:47 -0500, Stephen Smalley wrote:
>
> > On Mon, 2008-07-07 at 13:42 -0500, Serge E. Hallyn wrote:
> >
> >> It looks like unconfined_t is not granted setfcap capability. So
> >> when running ltp as unconfined_t, the file capabilities test fails.
> >> I'm just wondering what the right answer is:
> >>
> >> 1. require running ltp as an administrative type
> >> 2. give ltp a custom policy module to create an ltp_t
> >> 3. give setfcap to unconfined_t
> >>
> > unconfined_t should have all capabilities already.
> > Policy version?
>
> Well, earlier today while running as _root_ with full-blown permissions,
> I noticed that I couldn't access */home/dave/.gvfs*, (except to see that
> it is a directory).
>
> [EMAIL PROTECTED] ~]$ *ls -ld /home/dave/.gvfs*
> dr-x------ 2 dave durant 0 2008-07-07 09:40 /home/dave/.gvfs
> [EMAIL PROTECTED] ~]$ su -
> Password:
> [EMAIL PROTECTED] ~]# *ls -ld .gvfs*
> ls: cannot access /home/dave/.gvfs: Permission denied
> [EMAIL PROTECTED] ~]# *secon*
> user: unconfined_u
> role: unconfined_r
> type: unconfined_t
> sensitivity: s0
> clearance: s0:c0.c1023
> mls-range: s0-s0:c0.c1023
> [EMAIL PROTECTED] ~]#

I don't think that is SELinux-related (retry after "setenforce 0" and/or
check your audit log via "/sbin/ausearch -m AVC -sv no"). Likely just
that /home/dave is NFS mounted and you have rootsquash on the NFS
server...

-- 
Stephen Smalley
National Security Agency

_______________________________________________
Ltp-list mailing list
https://lists.sourceforge.net/lists/listinfo/ltp-list
