Message-ID: <20080801140223.GN28946@ZenIV.linux.org.uk>
Date: Fri, 1 Aug 2008 15:02:24 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: Eric Paris <eparis@...hat.com>
Cc: Gene Heskett <gene.heskett@...il.com>,
"Rafael J. Wysocki" <rjw@...k.pl>,
James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org,
Stephen Smalley <sds@...ho.nsa.gov>, aviro@...hat.com
Subject: Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinux new
options = no httpd)

On Fri, Aug 01, 2008 at 09:47:59AM -0400, Eric Paris wrote:
> On Fri, 2008-08-01 at 09:39 -0400, Gene Heskett wrote:
> > On Thursday 31 July 2008, Rafael J. Wysocki wrote:
> > Update by Gene below.
> > >On Thursday, 31 of July 2008, James Morris wrote:
> > >> On Thu, 31 Jul 2008, Gene Heskett wrote:
> > >> > >Which new options?
> > >> >
> > >> > Make xconfig-->security options:
> > >> >
> > >> > XFRM Networking security hooks
> > >> >
> > >> > and several others just below it. Unforch, I can't copy/paste the
> > >> > screen.
> > >>
> > >> I can't really imagine what that is (although if you enable the secmark
> > >> controls under the main SELinux menu, which are disabled by default,
> > >> there could be problems).
> > >
> > >On a possibly related note, I've been observing a strange issue on one of
> > >my test boxes with OpenSUSE 10.3 recently. Namely, the fsck complains
> > >that there's no passno value in the fstab, although it obviously is present.
> > >
> > >Strangely enough, if the kernel is compiled with CONFIG_SECURITY_SELINUX
> > > unset, the fsck doesn't complain about the missing passno field any more.
> > >
> > >Thanks,
> > >Rafael
> >
> > I just did a 2.6.27-rc1 rebuild on a pure, all defaults 'make oldconfig' from
> > my 2.6.26 final .config moved to that src tree.
> >
> > httpd is still being denied access to its log files and dies during the bootup.
> >
> > This is a showstopper for me.
>
> Stephen Smalley just sent me a private note. Apparently he is having
> e-mail trouble but he did point out the most likely problem. Can you
> add the patch from
>
> http://marc.info/?l=linux-kernel&m=121726661110266&w=2
>
> And give it a whirl? Sorry, but we think the problem is that the VFS
> stopped passing all of the relevant information down to the security
> system. https is only allowed to append to its log files, not actually
> 'write.' Since the VFS is no longer differentiating those two operations
> you are getting the denial for write.
>
> I'll try to get this pushed into Linus's tree quickly.
It's in linux-next, BTW. I'll push the next set to Linus in an hour or so.
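
The append-versus-write distinction described in the quoted explanation, as a simplified user-space model added here (not part of the original message and not kernel code). The constant names, the `pass_append` switch and the append-only policy are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>

/* Illustrative constants for this model (not copied from any kernel header). */
enum { M_READ = 1, M_WRITE = 2, M_APPEND = 4 };   /* access mask handed down by the VFS */
enum { P_READ = 1, P_WRITE = 2, P_APPEND = 4 };   /* permissions the security module checks */

/* Access mask derived from open(2) flags. pass_append = 0 models the
 * regression: the append bit is no longer passed down. */
static int vfs_mask(int oflags, int pass_append)
{
    int acc = oflags & O_ACCMODE, mask = 0;

    if (acc == O_RDONLY || acc == O_RDWR)
        mask |= M_READ;
    if (acc == O_WRONLY || acc == O_RDWR)
        mask |= M_WRITE;
    if (pass_append && (oflags & O_APPEND))
        mask |= M_APPEND;
    return mask;
}

/* Security module side: an append-mode open needs "append", not "write". */
static int mask_to_perms(int mask)
{
    int perms = 0;

    if (mask & M_READ)
        perms |= P_READ;
    if (mask & M_APPEND)
        perms |= P_APPEND;
    else if (mask & M_WRITE)
        perms |= P_WRITE;
    return perms;
}

/* Returns 1 when every permission the open needs is in the allowed set. */
static int open_allowed(int oflags, int allowed, int pass_append)
{
    int need = mask_to_perms(vfs_mask(oflags, pass_append));

    return (need & ~allowed) == 0;
}

int main(void)
{
    int log_flags = O_WRONLY | O_APPEND | O_CREAT; /* how a daemon typically opens its log */
    int policy = P_APPEND;                         /* constructed append-only rule */

    printf("append bit passed down: %s\n", open_allowed(log_flags, policy, 1) ? "allowed" : "denied");
    printf("append bit dropped:     %s\n", open_allowed(log_flags, policy, 0) ? "allowed" : "denied");
    return 0;
}
```

With the append bit dropped, the same open is checked against "write", which an append-only rule does not grant, so the log open fails.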