sharing a partition between FC3 and FC5
Stephen Smalley
sds at tycho.nsa.gov
Mon Aug 7 15:29:55 UTC 2006
On Mon, 2006-08-07 at 11:15 -0400, D. Hugh Redelmeier wrote:
> Thanks, Paul and Stephen, for your help.
>
> | From: Stephen Smalley <sds at tycho.nsa.gov>
>
> | Unfortunately, aside from patching your FC3 kernel and rebuilding it, I
> | think your only option is to disable SELinux for FC3 altogether, i.e.
> | boot it with selinux=0 or set SELINUX=disabled in /etc/selinux/config.
>
> Am I correct in my guess that after doing this, the next time FC5 is
> booted, I will have to relabel /home? What is the right way of doing
> this? (Of course I could disable SELinux in FC5 too.)
Yes, if you keep them sharing /home.
> Is "fixfiles relabel /home" the best choice?
/sbin/restorecon -R /home should work.
> In my first message, I mentioned that I got the following messages on
> the console:
>
> inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2
> inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2
>
> ==> What does the error message mean?
> inode 2 is the root of the filesystem.
> It appears that kernel routine inode_doinit_with_dentry is calling context_to_sid
> and context_to_sid is returning EINVAL (because the context was invalid).
> But even knowing that, I don't know what it actually means or is caused by.
Your description is correct; while running FC5, the directory was
labeled with the MLS/MCS field (:s0), and the FC3 kernel doesn't
understand it. At the time when FC3 was released, the MLS support in
SELinux was a compile-time option only and not enabled. By FC5, it had
become mainstreamed and turned into a runtime enable based on the policy
loaded at boot time.
--
Stephen Smalley
National Security Agency
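
An added example, not part of the original message: a small Python parser for the console message quoted in the thread. It splits the rejected context into its fields and shows whether it carries the MLS/MCS level that the reply identifies as the cause. The first two sample lines are the ones quoted above; the other two are constructed.

```python
import errno
import re
from collections import Counter

# Message format as quoted in the thread.
LINE_RE = re.compile(
    r"inode_doinit_with_dentry:\s+context_to_sid\((?P<ctx>[^)]*)\)\s+"
    r"returned\s+(?P<rc>-?\d+)\s+for\s+dev=(?P<dev>\S+)\s+ino=(?P<ino>\d+)"
)

def split_context(ctx):
    """Split user:role:type[:level]. The level may itself contain ':'
    (for example s0-s0:c0.c1023), so split at most three times."""
    parts = (ctx.split(":", 3) + [None] * 4)[:4]
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_line(line):
    """Return one parsed record, or None if the line is some other message."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rc = abs(int(m.group("rc")))
    rec = split_context(m.group("ctx"))
    rec.update(context=m.group("ctx"), dev=m.group("dev"),
               ino=int(m.group("ino")),
               errno=errno.errorcode.get(rc, str(rc)))
    return rec

def summarize(lines):
    """One record per (dev, inode, context), with a repeat count."""
    counts, records = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            key = (rec["dev"], rec["ino"], rec["context"])
            counts[key] += 1
            records[key] = rec
    return [dict(records[k], count=counts[k]) for k in records]

SAMPLE = [
    "inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2",
    "inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2",
    # Constructed lines: a second inode, and an unrelated kernel message.
    "inode_doinit_with_dentry: context_to_sid(user_u:object_r:user_home_dir_t:s0) returned 22 for dev=hda5 ino=1234",
    "EXT3-fs: mounted filesystem with ordered data mode.",
]

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["dev"], r["ino"], r["errno"], "level:", r["level"], "x%d" % r["count"])
```

A record whose `level` is not `None` on a kernel built without MLS support matches the situation described in the reply.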