[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: udev slowness and selinux



Stephen Smalley wrote:
On Fri, 2005-12-02 at 17:50 -0500, Daniel J Walsh wrote:
Yesterday's policy package wiped out the policy.20 file, on yum update. We are no longer shipping policy.20 in the rpm, and the package post install creates it. Problem is the previous version was shipped with it and wipes it out on its post uninstall. Need to change the trigger on policy package to recreate policy.20.

selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site ftp://people.redhat.com/dwalsh/SELinux/Fedora

You can also do a
semoudle -B /usr/share/selinux/targeted/base.pp to recreate the policy.20 file.

Do not reboot until you fix this or else init will crash because you have no policy.

So why is init "crashing" rather than logging a message about the
failure to load policy and halting cleanly?  Bug in libselinux or in
sysvinit-selinux.patch?  I moved aside my policy.20 file to prevent
loading by init, rebooted with enforcing=0 single, and then ran a
trivial program that called the libselinux selinux_init_load_policy()
function under valgrind, and it returned -1 as expected without any
memory errors being reported, so libselinux seems to handle it
correctly.  Hence, I would have expected init to log the "Enforcing mode
requested but no policy loaded.  Halting now." message (from
sysvinit-selinux.patch) and then exit normally.

I think the message is being printed but not being flushed

I am putting a fix in init to make sure message comes out.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]