Kernel 2.6.14-1.1653 & selinux 1.27.1.-2.16

Stephen Smalley sds at tycho.nsa.gov
Fri Jan 27 19:29:22 UTC 2006


On Fri, 2006-01-27 at 14:18 -0500, Valdis.Kletnieks at vt.edu wrote:
> On Fri, 27 Jan 2006 11:44:07 EST, Stephen Smalley said:
> > On Fri, 2006-01-27 at 17:49 +0200, G Jahchan wrote:
> > > ls -Z /sbin/init
> > > -rwxr-xr-x  root     root     system_u:object_r:staff_home_t   /sbin/init
> > 
> > That's your problem - your filesystem is incorrectly labeled.  Don't
> > know how your /sbin/init program ended up with the type of a staff home
> > directory; it should have init_exec_t.
> 
> It's probably related to the strict policy whoopsage I reported - the system
> would end up with only some 10% of the policy modules in place, and a restorecon
> wouldn't include the *.fc rules for the missing modules - so some less-restrictive
> rule would set the context (I ended up with almost everything as default_t,
> but I could see how staff_home_t might happen too...)
> 
> At one point, every single process on my laptop was running in kernel_t, because
> the various init_t and similar types weren't defined, nor were the transitions for
> them.  Good thing I'm running in permissive. ;)

Except that his message indicated that he is running FC4, not rawhide
(look at his kernel and policy versions).

-- 
Stephen Smalley
National Security Agency
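
Added example, not part of the original message or of any SELinux tooling: a small checker that parses `ls -Z` output and flags the kind of mislabeling discussed in this thread. Only the `/sbin/init` to `init_exec_t` expectation comes from the thread; the fallback-type set, the list of system directories and all sample lines except the first are assumptions constructed for illustration.

```python
import re

# From the thread: /sbin/init should carry init_exec_t.
EXPECTED = {"/sbin/init": "init_exec_t"}
# Assumption: the fallback types mentioned in the thread are never valid here.
FALLBACK_TYPES = {"default_t", "staff_home_t"}
SYSTEM_DIRS = ("/sbin/", "/bin/", "/usr/sbin/", "/usr/bin/")

# user:role:type with an optional MLS/MCS range (absent on older policies).
CONTEXT_RE = re.compile(r"^[^\s:]+:[^\s:]+:([^\s:]+)(?::\S+)?$")


def parse_ls_z(line):
    """Return (path, selinux_type) from one `ls -Z` line, or None if unparsable."""
    fields = line.split()
    for i, field in enumerate(fields):
        m = CONTEXT_RE.match(field)
        if m and i + 1 < len(fields):
            # Everything after the context field is the path (spaces preserved).
            path = line.split(None, i + 1)[-1].rstrip()
            return path, m.group(1)
    return None


def audit(lines):
    """Return [(path, actual_type, reason)] for entries that look mislabeled."""
    findings = []
    for line in lines:
        parsed = parse_ls_z(line)
        if parsed is None:
            continue
        path, actual = parsed
        want = EXPECTED.get(path)
        if want is not None and actual != want:
            findings.append((path, actual, f"expected {want}"))
        elif actual in FALLBACK_TYPES and path.startswith(SYSTEM_DIRS):
            findings.append((path, actual, "fallback type on a system binary"))
    return findings


# Constructed sample input; only the first line is the listing quoted in the thread.
SAMPLE = [
    "-rwxr-xr-x  root     root     system_u:object_r:staff_home_t   /sbin/init",
    "-rwxr-xr-x  root     root     system_u:object_r:default_t      /usr/sbin/sshd",
    "-rwxr-xr-x. root root system_u:object_r:init_exec_t:s0 /sbin/init",
    "-rw-r--r--  jdoe     jdoe     user_u:object_r:staff_home_t     /home/jdoe/notes.txt",
]

if __name__ == "__main__":
    for path, actual, reason in audit(SAMPLE):
        print(f"{path}: {actual} ({reason})")
```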
