Welcome to the Linux Foundation Forum!

Application Security Labs

Posts: 5
edited October 2016 in LFS216 Class Forum

The SELinux lab is not working for me. SELinux shows an error on /usr/bin/ls /home but allows /etc/passwd.

 

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Comments

  • Posts: 380
    edited October 2016

    If you could let me know which lab step is giving you problems. 

  • Posts: 2
    edited July 2017

    I confirm this problem too. This is in Lab7.4 (9th list item).

    for me the SELinux restricted mode didn't prevent reading /etc/passwd with cgi-script, but "ls /home" was denied in default CentOS VM taken from Linux Foundation resources.

  • Posts: 380
    edited July 2017

    Hi, Thank you for letting us know there is an issue. It seems updates have caused a portion of this exercise work differently. The focus of the exercise is to see selinux stop the cgi-script from doing something it is not supposed to. It appears that the cgi-script has the requied access rights to read the /etc/passwd file, as should every process.  So if we edit out the "cat  /etc/passwd" out of our password.sh scriot and focus on the  "ls -la /home" component we can see that SElinux does indeed stop the cgi script from listing the contents. There is an "setroubleshoot" message in /var/log/messages describing that SElinux prevented the command from exicuting.  Set SElinux mode back to "permissive" with the command "setenforce 0" and the cgi script can access the /home directory. 

    Thanks. 

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Quick Links

Categories

Upcoming Training