SE Linux installer changes needed - was Re: /etc/ and FC4T3

Russell Coker russell at
Wed May 18 06:32:02 UTC 2005

On Wednesday 18 May 2005 03:45, Peter Jones <pjones at> wrote:
> On Tue, 2005-05-17 at 14:05 +1000, Russell Coker wrote:
> > On Tuesday 17 May 2005 05:35, Jeremy Katz <katzj at> wrote:
> > > We never used label'ing of things in the initrd when it was an ext2
> > > image.  The loader explicitly sets the exec context before running
> > > anaconda to be system_u:object_r:anaconda_t if policy doesn't fail to
> > > load.  Look in /tmp/anaconda.log (or tty3) for errors about loading the
> > > policy or setting the context.
> >
> > That's an invalid context.  The correct value should be
> > system_u:system_r:anaconda_t.  The role object_r is only suitable for
> > files on disk.  The kernel does allow setting it though.
> Fixed in cvs.

I've discovered the root cause of the problem.  anaconda.te seems to have been 
removed from the targeted policy so there is no anaconda_t domain in the 
policy used for installation.

Ideally we want anaconda.te included in the policy for installation but 
excluded from the policy used for running the system.

--   My NSA Security Enhanced Linux packages  Bonnie++ hard drive benchmark    Postal SMTP/POP benchmark  My home page

More information about the fedora-selinux-list mailing list