[FC3] kernel panic after selinux-policy-targeted update
Stephen Smalley
sds at tycho.nsa.gov
Wed Jun 29 15:22:36 UTC 2005
On Wed, 2005-06-29 at 12:12 -0300, Martín Marqués wrote:
> Shouldn't the update of selinux-policy-targeted force a kernel update to
> -1.35_FC3?
The problem with older kernels wasn't known at the time, and we still
aren't sure what is causing the pervasive execmod problem in the older
kernels. The SELinux code itself should be the same, so it seems to be
a side effect of some kernel patch that changed between -1.27 and -1.35.
Now, there will still be some execmod denials with -1.35 and the policy
needs some changes to address those denials, but those are limited to
actual cases where you have a text relocation (e.g. gpg, acroread, ...),
not programs like /sbin/init.
--
Stephen Smalley
National Security Agency
More information about the fedora-list
mailing list