Lab 41.1

mo79uk

The problem of not experiencing a problem (using CentOS, and SElinux is enabled and in enforcing mode):

Part 4.
When I tried to view file2.html moved to /var/www/html, I do not get the forbidden message; the file is dumped to standard output fine.
When I examine the context of file2.html, it has etc_run_time_t rather than admin_home_t. But even when I use chcon to change that to admin_home_t to see if I can get the forbidden message, the file still dumps correctly.
Any suggestions?

Also a typo in 4:
$ sudo mv file2.html /var/www.html - should be /var/www/html

mo79uk

A few issues in lab 42.2 too:

Part 7 says aa-genproc rather than aa-genprof

My ping-x profile was set as complain by default, so to get the operation to deny, first you had to enter
$ sudo aa-enforce /bin/ping-x

luisviveropena

Hi mo79uk, what is the CentOS version you are working with? So I can do a test case.

Regards,
Luis.

mo79uk

Hi,

CentOS with GNOME in a VM:

$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (core)

$ uname -r
3.10.0-862.14.4.el7.x86_64

luisviveropena

Hi mo79uk,

I did the testcase on CentOS 7.2 and it worked, in fact I obtained the "Forbidden" message. Are you sure that SELinux is in enforcing mode? Also, did you move the file from /root/ to the DocumentRoot directory? I suggest to paste here all the commands you run, because it's working for me.

Regards,
Luis.

mo79uk

Hmm, now it's working (it wasn't several times earlier) - either my brain needed a reboot or something in the VM.. Thanks anyway.

luisviveropena

With my best friend happens the same; she says "c'mon please, it doesn't work". And as soon as I get there it starts working, hehehe.

Regards!

Luis.

coop

"There are some mysteries not understood by modern science."