SELinux screwup in FC2 update-kernels
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Mon Aug 23 18:13:10 UTC 2004
sds at epoch.ncsc.mil (Stephen Smalley) writes:
>> * policy can not be rebuilt ('checkpolicy' has compatibility range
>> 15-17, but kernel is 18)
> ...
> Newer SELinux kernels still accept older policy versions, so it should be
> possible to fix the first problem just by modifying the policy Makefile
> and spec file to load whatever version was built by checkpolicy rather
> than always using the kernel's policy version (which just represents the
> latest version it understands). /sbin/init should already contain the
> code to try older policy versions.
Yes, the policy seems to get loaded. But rebuilding does not work
out-of-the-box anymore.
> I'm not sure about your reference to sshd and ptys, but I have seen an
> occasional problem with devpts where I have had to unmount it and
> re-mount it to get things working again.
I can login once without problems. But on the second login, I do
not get a prompt because sshd fails to allocate a new pty. See
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129990.
Recent 2.6.8-1.521 kernel (permissive mode) gives additional
information:
| sshd[1864]: Warning! Could not relabel with system_u:object_r:sshd_devpts_t, not relabeling.
Enrico
More information about the fedora-devel-list
mailing list