thousands of selinux messages logged (selinux disabled!)
Stephen Smalley
sds at epoch.ncsc.mil
Fri Apr 9 12:49:27 UTC 2004
On Fri, 2004-04-09 at 08:02, Neal Becker wrote:
> I'm running with selinux=disabled, but syslog is filling with thousands of
> messages, like:
>
> Apr 4 11:43:59 localhost kernel: security_context_to_sid: called before initial load_policy on unknown context system_u:object_r:default_t
The /etc/sysconfig/selinux disabled setting isn't identical to booting
with selinux=0; the disabled setting just causes /sbin/init to leave
SELinux in permissive mode and not load a policy, whereas booting with
selinux=0 prevents SELinux from even registering as a kernel security
module at boot time.

Offhand, I would guess that something is running setfiles, and setfiles
is attempting to check all of the contexts in the file_contexts
specification. We can certainly modify setfiles to immediately abort if
is_selinux_enabled() < 1, but I'm not sure why setfiles is being
automatically run on your system. Do you see it running in your process
table? What's the parent process?

A workaround for you would be to boot with selinux=0.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
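
A triage helper for the distinction drawn in the reply above, as an added example that is not part of the original message or of setfiles. It tells a host booted with selinux=0 apart from one that only has the disabled setting in /etc/sysconfig/selinux, and counts the reported kernel message in a syslog excerpt. The function names, the result labels and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify which kind of "disabled" a host is in.
#   $1 = kernel command line (e.g. the contents of /proc/cmdline)
#   $2 = contents of /etc/sysconfig/selinux
# Labels printed ("boot-disabled", "config-disabled", "unset") are hypothetical.
selinux_disable_kind() {
    cmdline=$1
    config=$2
    # selinux=0 at boot: SELinux never registers as a kernel security module.
    for tok in $cmdline; do
        case $tok in
            selinux=0) echo "boot-disabled"; return 0 ;;
        esac
    done
    # Take the last uncommented SELINUX= line; similarly named keys do not match.
    mode=$(printf '%s\n' "$config" |
        sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
        tail -n 1)
    case $mode in
        # Per the reply: init leaves SELinux permissive with no policy loaded,
        # so the kernel hooks are still present and can still log.
        disabled) echo "config-disabled" ;;
        "")       echo "unset" ;;
        *)        echo "$mode" ;;
    esac
}

# Count occurrences of the reported kernel message in syslog text on stdin.
count_preload_msgs() {
    grep -c 'security_context_to_sid: called before initial load_policy' || true
}

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONFIG='# constructed sample file
# SELINUX=enforcing
SELINUX=disabled
SELINUXTYPE=targeted'
SAMPLE_LOG='Apr 4 11:43:59 localhost kernel: security_context_to_sid: called before initial load_policy on unknown context system_u:object_r:default_t
Apr 4 11:43:59 localhost kernel: security_context_to_sid: called before initial load_policy on unknown context system_u:object_r:etc_t
Apr 4 11:44:02 localhost sshd[812]: Server listening on 0.0.0.0 port 22.'

echo "state:    $(selinux_disable_kind 'ro root=/dev/hda1 quiet' "$SAMPLE_CONFIG")"
echo "messages: $(printf '%s\n' "$SAMPLE_LOG" | count_preload_msgs)"
```

On a live host, pass `"$(cat /proc/cmdline)"` and `"$(cat /etc/sysconfig/selinux)"` as the two arguments.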
More information about the fedora-test-list mailing list