selinux policy change yields unbootable initrd

Stephen Smalley sds at tycho.nsa.gov
Mon Mar 19 13:22:18 UTC 2007


On Fri, 2007-03-16 at 18:26 +0000, Will Woods wrote:
> On Fri, 2007-03-16 at 14:06 -0400, Euman wrote:
> 
> > I've been following this issue on several other lists and here is what
> > seems to be the problem as far as some FedoraProject sees the issue..
> > 
> > Look at ->
> > http://fedoraproject.org/wiki/F7Test2/ReleaseNotes
> > 
> > ->
> > [Problems with mkinitrd]
> > 
> > they mention the rpm ordering issue and updating anaconda via an
> >  .img pkg
> 
> That's a different bug.
> 
> That bug is a problem with the installer trying to install the mkinitrd
> package - it would sometimes get stuck in an infinite loop on 64-bit
> machines. 
> 
> My problem is that the SELinux policy is denying mkinitrd some
> permissions it needs to be able to create a working initrd.
> 
> Or, rather, it *was* - it seems to work with selinux-policy-2.5.8-5.fc7.
> The changelog mentions prelink, not ldconfig, so I'm not sure what
> actually changed and whether the problem is really fixed or if I'm just
> not seeing it now.
> 
> How could I get a diff between the two policies? 

If you want a comparison of the actual kernel binary policies, you can
use sediff from setools to display a semantic diff of them.  

-- 
Stephen Smalley
National Security Agency



