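When a GNU/Linux user is mapped to the SELinux staff_u user, the account can no longer be unlocked once it has been locked; the prompt reads: "The authentication system is not working." Below we use audit2allow to generate a matching policy module and load it.
1. Use audit2allow to generate the module file: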
# cat /var/log/audit/audit.log|grep -i staff_u|grep /usr/lib/libQtWebKit.so.4.10.1 | audit2allow -M staff_local
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i staff_local.pp
#
2. Load the module:
[root@localhost ~]# semodule -v -i /etc/selinux/targeted/modules/active/modules/staff_local.pp
Attempting to install module '/etc/selinux/targeted/modules/active/modules/staff_local.pp':
Ok: return value of 0.
Committing changes:
libsepol.permission_copy_callback: Module BackupPC depends on permission disable in class system, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
[root@localhost ~]#
Uninstall the BackupPC module, then run the command again.
[root@localhost modules]# semodule -i staff.pp -vv
Attempting to install module 'staff.pp':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0.
[root@localhost modules]#
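Before loading a module produced by audit2allow, it is worth checking which allow rules the filtered denials turn into. The following is an added example, not part of the original post: a simplified Python preview that groups AVC denials for one SELinux user into allow rules. The log lines are constructed, the function names are hypothetical, and the output approximates audit2allow's rules rather than reproducing its implementation.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (not taken from the post's log).
SAMPLE_LOG = [
    'type=AVC msg=audit(1300000000.101:41): avc:  denied  { execmod } for  pid=2101 comm="locker" path="/usr/lib/libQtWebKit.so.4.10.1" dev=dm-0 ino=1001 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1300000000.101:41): arch=40000003 syscall=125 success=no exit=-13 comm="locker"',
    'type=AVC msg=audit(1300000001.202:42): avc:  denied  { execmod } for  pid=2102 comm="locker" path="/usr/lib/libQtWebKit.so.4.10.1" dev=dm-0 ino=1001 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file',
    'type=AVC msg=audit(1300000002.303:43): avc:  denied  { read } for  pid=2103 comm="helper" name="shadow" dev=dm-0 ino=2002 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file',
    'type=AVC msg=audit(1300000003.404:44): avc:  denied  { open } for  pid=2103 comm="helper" name="shadow" dev=dm-0 ino=2002 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file',
    'type=AVC msg=audit(1300000004.505:45): avc:  denied  { execmod } for  pid=2200 comm="other" path="/usr/lib/libQtWebKit.so.4.10.1" dev=dm-0 ino=1001 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file',
]

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_fields(context):
    """Return (user, type) from user:role:type[:level]; the level may contain ':'."""
    user, _role, type_, *_level = context.split(":")
    return user, type_

def summarize_denials(lines, selinux_user="staff_u"):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in lines:
        if "type=AVC" not in line:
            continue  # SYSCALL, PATH and other record types carry no denial
        m = AVC_RE.search(line)
        if not m:
            continue
        user, source_type = context_fields(m["scon"])
        if user != selinux_user:
            continue  # same role as the post's grep -i staff_u, but field-exact
        _, target_type = context_fields(m["tcon"])
        rules[(source_type, target_type, m["tclass"])].update(m["perms"].split())
    return dict(rules)

def render_allow_rules(rules):
    """Render the grouped denials as type-enforcement allow statements."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_txt};")
    return out

if __name__ == "__main__":
    print("\n".join(render_allow_rules(summarize_denials(SAMPLE_LOG))))
```

Every line this prints is an access the loaded module would grant to the source domain, so a rule that reaches beyond the library named in the filter is the cue to narrow the grep before generating staff_local.pp.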