[Arm-dev] Cubieboard2 - selinux testing

Robert Moskowitz rgm at htt-consult.com
Mon Aug 31 03:36:06 UTC 2015


So I set selinux to 'permissive' and rebooted.  Took some time and a few 
interesting messages occured on the serial console like:

[  132.847434] systemd-readahead[302]: 
open(/etc/selinux/targeted/modules/active/policy.kern) failed: Too many 
levels of symbolic links

Finally get the login prompt and log in on the serial console as root.  
I then move sshd to a different port.  I have been doing this for years 
and know the selinux secret codes.  First I need to:

yum install policycoreutils-python

Then:

semanage port -a -t ssh_port_t -p tcp 745
firewall-cmd --permanent --add-port=745/tcp
firewall-cmd --reload
vi /etc/ssh/sshd_config  <- change port to 745, and that is not the real 
port number I use.
systemctl restart sshd.service

After the semanage command I got:

[  310.545666] SELinux:  Permission audit_read in class capability2 not 
defined in policy.
[  310.554040] SELinux:  Class binder not defined in policy.
[  310.559671] SELinux: the above unknown classes and permissions will 
be allowed

But I am able to ssh into my server.  So are these messages an indicator 
that things are not right?  I of course want to move on the selinux 
'targeted' to get this secure.  I plan on putting bind on this unit and 
have it for my testing dns server.

Advise?




More information about the Arm-dev mailing list