[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: udev slowness and selinux



Gene C. wrote:
On Friday 02 December 2005 14:20, Nicolas Mailhot wrote:
Le vendredi 02 décembre 2005 à 14:17 -0500, Stephen Smalley a écrit :
It isn't the number of nodes in /dev; it is the number of entries in
file_contexts.  And the slowdown should be improved/eliminated with
recent changes in libselinux (1.27.28); let us know if it isn't.  There
are two changes in libselinux, one of which will have immediate benefit
without requiring any changes to udev, and the other of which requires a
small change to udev to take advantage of.
BTW today's rawhide segfaults on boot if run in enforcing mode

checkpolicy-1.27.19-1
selinux-policy-targeted-2.0.7-2
audit-1.1.1-1
audit-libs-1.1.1-1
audit-libs-1.1.1-1
libselinux-1.27.28-1
libselinux-1.27.28-1
libsepol-1.9.41-1
libsepol-1.9.41-1
libsemanage-1.3.61-1

Adding selinux=false to the boot arguments rescues the system

I also see a kernel panic after today's updates if selinux=enforcing

Reboot selinux=false single
and change to selinux=permissive gets things working again.
Yesterday's policy package wiped out the policy.20 file, on yum update. We are no longer shipping policy.20 in the rpm, and the package post install creates it. Problem is the previous version was shipped with it and wipes it out on its post uninstall. Need to change the trigger on policy package to recreate policy.20.

selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site ftp://people.redhat.com/dwalsh/SELinux/Fedora

You can also do a
semoudle -B /usr/share/selinux/targeted/base.pp to recreate the policy.20 file.

Do not reboot until you fix this or else init will crash because you have no policy.

--



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]