Humpty Dumpty - some successes
Richard Hally
rhally at mindspring.com
Wed May 5 09:01:01 UTC 2004
Bob Gustafson wrote:
snip
>
> ----- I do have a few questions though - some may be OT -----
>
> Yum must have a different header cache as the command line below refetched
> a lot of header files. The sources file for my up2date contains 'yum' lines
> - why is it not the same cache.
>
yes, different designs and history. yum cache is /var/cache/yum/.
up2date is /var/spool/up2date/.
> [root at hoho2 user1]# yum install setools*
>
you usually need to escape the * ...setools\*
snip
>
> Seems to be a problem with the sound card stuff - even though it is not
> enforcing at the moment. It worked before SELinux.
>
The sound card thing may be independent of SELinux but related to
whether you did a fresh install or just did updates.
> --- Note that it really is enforcing ---
>
> [user1 at hoho2 user1]$ od -c /selinux/enforce
> 0000000 1
> 0000001
> [user1 at hoho2 user1]$
>
> --- However the /etc/sysconfig/selinux file still says 'disabled'
>
> [root at hoho2 user1]# cat /etc/sysconfig/selinux
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcinfg - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=disabled
> [root at hoho2 user1]# date
> Tue May 4 20:35:31 CDT 2004
> [root at hoho2 user1]#
>
> (Note typo in the enforcing line of this file)
> Maybe the grub kernel line overrides whatever is in this file? Perhaps the
> information in this file controls the boot situation when there is no
> additional boot grub parameter?
>
Yes, the kernel line overrides the /etc/sysconfig/selinux. Correct on
the second part also.
> up2date does not work with enforcing=1
I haven't tried up2date in a while. Yum works for me in enforcing mode.
>
> I noticed that there were a bunch more update files available, so I
> installed all (including the 349 kernel), and then rebooted with enforcing=1
with the 349 kernel check if you are actually "enforcing" with the
getenforce command(or cat /selinux/enforce). Change on the fly with
setenforce [0|1].
HTH
Richard Hally
More information about the fedora-selinux-list
mailing list