Apologies - SSG master/HEAD, openscap 0.9.3-1 Jeff
On Thu, Oct 24, 2013 at 1:47 PM, Jeff Bachtel < [email protected]> wrote: > Getting errors running selinux_all_devicefiles_labeled check on RHEL6. I > ran testcheck.py, and initially the check was barfing on all of the broken > symlinks under /dev/.udev/**. I deleted all of the broken symlinks, but I'm > still getting an error on one file (that does not exist) > > <system_data> > <lin-sys:selinuxsecuritycontext_item id="1255121" status="error"> > <message level="error">Can't get context for /dev/fd/6: No > such file or directory > </message> > <lin-sys:filepath>/dev/fd/6</lin-sys:filepath> > <lin-sys:path>/dev/fd</lin-sys:path> > <lin-sys:filename>6</lin-sys:filename> > </lin-sys:selinuxsecuritycontext_item> > </system_data> > > Regarding the broken symlinks: should the check error out on them? > Looking, the problem might occur around > if ((ofts = oval_fts_open(path, filename, filepath, > behaviors)) != NULL) { > in OVAL/probes/unix/linux/selinuxsecuritycontext.c > > Regarding the search for the stray file descriptor: the check still errors > out when run properly via oscap, as well. Might this be some sort of race > condition with the file descriptor being opened by the probe, and > disappearing before the check can get to it? I've tried manually creating > the symlink for /dev/fd/6 to test, but devfs unfortunately won't let me > create it. > > Thanks for any ideas, > > Jeff >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
