Install of latest packages....kernel-2.6.6-1.421 fails, selinux-policy-strict-1.13.3-2 succeeds
Tom London
selinux at comcast.net
Fri Jun 4 18:06:07 UTC 2004
I did a 'yum update' to pick up the latest stuff from the development
and Arjan's tree. I worked around the rpm conflicts from early stuff in
the development tree.
The kernel update (421) still fails under strict/enforcing mode. The
context labels now appear to be in the rpm file, but I'm getting similar
messages:
...... lots and lots of WARNING messages like:
WARNING: Couldn't stat
/lib/modules/2.6.6-1.421/build/include/asm-i386/ptrace.h: Permission denied
WARNING: Couldn't stat
/lib/modules/2.6.6-1.421/build/include/asm-i386/bug.h: Permission denied
WARNING: Couldn't stat
/lib/modules/2.6.6-1.421/build/include/asm-i386/serial.h: Permission denied
WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/mm/Makefile:
Permission denied
FATAL: Could not open /lib/modules/2.6.6-1.421/modules.dep.temp for
writing: Permission denied
/bin/bash: /root/.bashrc: Permission denied
No dep file found for kernel 2.6.6-1.421
mkinitrd failed
My previous workaround (do 'setenforce 0; yum ....' followed by a
relabel) did not work this time. The mkinitrd now fails even under
permissive mode:
[root at dell selinux]# setenforce 0
[root at dell selinux]# yum install kernel
Gathering header information file(s) from server(s)
Server: Test Linux 2.6-test prerelease kernels
Server: Fedora Core 2 - i386 - Base
Server: Fedora Core 2 - Development Tree
Server: Fedora Core 2 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: kernel 2.6.6-1.421.i686]
Is this ok [y/N]: y
Downloading Packages
Running test transaction:
Test transaction complete, Success!
kernel 100 % done 1/1
memlock: Cannot allocate memory
Couldn't lock into memory, exiting.
mkinitrd failed
Since the latest kernel's seemed to have auditing off, I can't locate
anything interesting in /var/log/messages. (Looks like CONFIG_AUDIT is
set to y in 421.)
Since the label now appear correct in the rpm file, could this be
something in the policy/context files? Any ideas?
The install of the 1.13.3-2 policy packages seemed to work OK. It left
my /etc/selinux/config file untouched. (I guess I should have removed it
prior to install.....sorry).
tom
More information about the fedora-selinux-list
mailing list