Hello,
I'm setting up a system where the nodes need to have different types. Currently, I'm getting an AVC denial for a node but I don't know which node.
My questions:
1) Is it possible to know which node an AVC message is referencing?
2) Is there a way to see all the node contexts? I know "semanage node -l" will show my local nodecon modifications but how do I list all the nodes?
3) I tried to add a "nodecon" statement to the corenetwork.te file but the policy won't compile. How can I label a node from the policy? Here is what I tried:

    type my_lo_node_t;
    corenet_node( my_lo_node_t )
    nodecon 127.0.0.1 255.255.255.255 gen_context(system_u:object_r:my_lo_node_t, s0)

Thanks,
Andy Ruch
On 11/21/2012 12:31 PM, Andy Ruch wrote:
> Hello,
> I'm setting up a system where the nodes need to have different types. Currently, I'm getting an AVC denial for a node but I don't know which node.
> My questions:
> 1) Is it possible to know which node an AVC message is referencing?
> 2) Is there a way to see all the node contexts? I know "semanage node -l" will show my local nodecon modifications but how do I list all the nodes?
> 3) I tried to add a "nodecon" statement to the corenetwork.te file but the policy won't compile. How can I label a node from the policy? Here is what I tried:
>
>     type my_lo_node_t;
>     corenet_node( my_lo_node_t )
>     nodecon 127.0.0.1 255.255.255.255 gen_context(system_u:object_r:my_lo_node_t, s0)
>
> Thanks,
> Andy Ruch
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
The AVC should have the node information.
I believe you can define the node in policy but have to use semanage to place it on an IP address. This is what we are doing in OpenShift, BTW.
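Added example, not part of the original thread: a small Python helper that pulls the address fields (saddr, daddr, netif) out of node-related AVC denials and builds the "semanage node" command that places a policy-defined type on one IPv4 host address, as the reply describes. The audit records are constructed samples, mydaemon_t is a hypothetical domain, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample audit records (not taken from the thread).
SAMPLE_AVCS = [
    'type=AVC msg=audit(1353526260.101:412): avc:  denied  { node_bind } for  pid=2211 '
    'comm="mydaemon" saddr=127.0.0.1 src=9000 scontext=system_u:system_r:mydaemon_t:s0 '
    'tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1353526261.202:413): avc:  denied  { recvfrom } for  '
    'saddr=10.0.0.7 src=40112 daddr=10.0.0.1 dest=9000 netif=eth0 '
    'scontext=system_u:system_r:mydaemon_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=node',
    'type=AVC msg=audit(1353526262.303:414): avc:  denied  { read } for  pid=2211 '
    'comm="mydaemon" name="conf" dev="dm-0" ino=77 scontext=system_u:system_r:mydaemon_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
                    r'tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')
FIELD_RE = re.compile(r'\b(saddr|daddr|netif)=(\S+)')

def node_denials(lines):
    """Return address details for denials that were checked against a node label."""
    hits = []
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue
        perms = m.group('perms').split()
        # Node labels are the target of class "node" checks and of node_bind.
        if m.group('tclass') != 'node' and 'node_bind' not in perms:
            continue
        hits.append({'perms': perms, 'tclass': m.group('tclass'),
                     'node_type': m.group('tcontext').split(':')[2],
                     **dict(FIELD_RE.findall(line))})
    return hits

def semanage_node_cmd(addr, node_type):
    """Build the semanage command labelling one IPv4 host address with node_type."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    return f'semanage node -a -t {node_type} -p ipv4 -M 255.255.255.255 {ip}'

if __name__ == '__main__':
    for denial in node_denials(SAMPLE_AVCS):
        print(denial)
    print(semanage_node_cmd('127.0.0.1', 'my_lo_node_t'))
```

The type passed to semanage_node_cmd must already be declared in the loaded policy, for example with the type and corenet_node() lines from the question.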