selinux policy change yields unbootable initrd
Stephen Smalley
sds at tycho.nsa.gov
Mon Mar 19 13:22:18 UTC 2007
On Fri, 2007-03-16 at 18:26 +0000, Will Woods wrote:
> On Fri, 2007-03-16 at 14:06 -0400, Euman wrote:
>
> > I've been following this issue on several other lists and here is what
> > seems to be the problem as far as some FedoraProject sees the issue..
> >
> > Look at ->
> > http://fedoraproject.org/wiki/F7Test2/ReleaseNotes
> >
> > ->
> > [Problems with mkinitrd]
> >
> > they mention the rpm ordering issue and updating anaconda via an
> > .img pkg
>
> That's a different bug.
>
> That bug is a problem with the installer trying to install the mkinitrd
> package - it would sometimes get stuck in an infinite loop on 64-bit
> machines.
>
> My problem is that the SELinux policy is denying mkinitrd some
> permissions it needs to be able to create a working initrd.
>
> Or, rather, it *was* - it seems to work with selinux-policy-2.5.8-5.fc7.
> The changelog mentions prelink, not ldconfig, so I'm not sure what
> actually changed and whether the problem is really fixed or if I'm just
> not seeing it now.
>
> How could I get a diff between the two policies?

If you want a comparison of the actual kernel binary policies, you can
use sediff from setools to display a semantic diff of them.
--
Stephen Smalley
National Security Agency
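
What a semantic (rather than textual) diff of policy rules reports, as an added example that is not part of the original message and is not sediff itself: Python code that compares two rule sets by the permissions they grant. Both policy snippets and all type names in them are constructed, and only plain `allow` rules with a single source type, target type and class are handled.

```python
import re
from collections import defaultdict

# Constructed sample policies; the type names are hypothetical and do not
# come from any selinux-policy release.
OLD_POLICY = """
allow demo_t helper_exec_t:file { read getattr };
allow demo_t tmp_demo_t:dir { search write };
allow demo_t etc_demo_t:file write;
"""
NEW_POLICY = """
allow demo_t tmp_demo_t:dir { write search };
allow demo_t helper_exec_t:file read;
allow demo_t helper_exec_t:file { getattr execute };
"""

# allow <source> <target>:<class> <perm>;   or   ... { <perm> <perm> };
RULE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def load(text):
    """Map (source, target, class) -> permission set, merging split rules."""
    rules = defaultdict(set)
    for src, tgt, cls, many, one in RULE.findall(text):
        rules[(src, tgt, cls)].update((many or one).split())
    return rules

def semantic_diff(old_text, new_text):
    """Return (added, removed): permissions gained and lost per rule key."""
    old, new = load(old_text), load(new_text)
    added, removed = {}, {}
    for key in sorted(old.keys() | new.keys()):
        gained = new.get(key, set()) - old.get(key, set())
        lost = old.get(key, set()) - new.get(key, set())
        if gained:
            added[key] = gained
        if lost:
            removed[key] = lost
    return added, removed

if __name__ == "__main__":
    added, removed = semantic_diff(OLD_POLICY, NEW_POLICY)
    for sign, changes in (("+", added), ("-", removed)):
        for (src, tgt, cls), perms in changes.items():
            print(f"{sign} allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
```

Every line of the two snippets differs textually, yet the reordered `dir` rule and the `file` rule split across two statements produce no difference; only the one gained and the one lost permission are reported.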