SE Linux installer changes needed - was Re: /etc/ld.so.cache and FC4T3
russell at coker.com.au
Wed May 18 06:32:02 UTC 2005
On Wednesday 18 May 2005 03:45, Peter Jones <pjones at redhat.com> wrote:
> On Tue, 2005-05-17 at 14:05 +1000, Russell Coker wrote:
> > On Tuesday 17 May 2005 05:35, Jeremy Katz <katzj at redhat.com> wrote:
> > > We never used labeling of things in the initrd when it was an ext2
> > > image. The loader explicitly sets the exec context before running
> > > anaconda to be system_u:object_r:anaconda_t if policy doesn't fail to
> > > load. Look in /tmp/anaconda.log (or tty3) for errors about loading the
> > > policy or setting the context.
> > That's an invalid context. The correct value should be
> > system_u:system_r:anaconda_t. The role object_r is only suitable for
> > files on disk. The kernel does allow setting it though.
> Fixed in cvs.

I've discovered the root cause of the problem. anaconda.te seems to have been
removed from the targeted policy so there is no anaconda_t domain in the
policy used for installation.

Ideally we want anaconda.te included in the policy for installation but
excluded from the policy used for running the system.

http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
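
The two failure modes discussed in this thread (a process context carrying the file-only role object_r, and a domain type missing from the loaded policy) can be caught with a small pre-flight check. This is an added example, not part of the original message or of anaconda; the function names and the domain sets are hypothetical, constructed sample data.

```python
# Constructed sample data: domain types declared by two hypothetical policy
# builds. anaconda_t is missing from the first, as the message describes.
TARGETED_DOMAINS = {"unconfined_t", "init_t", "httpd_t", "named_t"}
INSTALL_DOMAINS = TARGETED_DOMAINS | {"anaconda_t"}


def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.strip().split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed security context: {ctx!r}")
    return {
        "user": parts[0],
        "role": parts[1],
        "type": parts[2],
        "level": parts[3] if len(parts) == 4 else None,
    }


def check_exec_context(ctx, domains):
    """Return a list of problems with ctx when used as a process context."""
    fields = parse_context(ctx)
    problems = []
    # The kernel accepts object_r here, so this has to be caught by review.
    if fields["role"] == "object_r":
        problems.append("role object_r is for files, not processes")
    # A type the loaded policy does not define cannot be transitioned into.
    if fields["type"] not in domains:
        problems.append(f"type {fields['type']} is not a domain in this policy")
    return problems


if __name__ == "__main__":
    for ctx, domains in [
        ("system_u:object_r:anaconda_t", TARGETED_DOMAINS),
        ("system_u:system_r:anaconda_t", TARGETED_DOMAINS),
        ("system_u:system_r:anaconda_t", INSTALL_DOMAINS),
    ]:
        print(ctx, "->", check_exec_context(ctx, domains) or "ok")
```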