problems compiling bitkeeper kernels for selinux

Stephen Smalley sds at epoch.ncsc.mil
Mon Apr 19 12:41:57 UTC 2004


On Sun, 2004-04-18 at 09:31, Thomas Molina wrote:
> My first attempt at using a "stock" kernel has failed miserably and I am
> hoping someone can tell me what I am doing wrong.  I synced up my tree to
> be the latest and greatest kernel and recompiled.  Loading the resulting
> kernel works fine with selinux=0, but fails miserably with selinux
> enabled, even in permissive mode.

The boot messages indicate that you didn't enable the security xattr
handlers for ext3, so there is no filesystem support for security
labels.  From the selinux-doc README:

Under Filesystems, be sure to enable the Ext[23] extended attributes and
Ext[23] Security Labels options (CONFIG_EXT[23]_FS_XATTR,
CONFIG_EXT[23]_FS_SECURITY).

Under Pseudo Filesystems, be sure to enable the /dev/pts
Extended Attributes and /dev/pts Security Labels options
(CONFIG_DEVPTS_FS_XATTR, CONFIG_DEVPTS_FS_SECURITY).

Under Security, be sure to enable all of the following options:
        Enable different security models (CONFIG_SECURITY)
        Socket and Networking Security Hooks (CONFIG_SECURITY_NETWORK)
        Capabilities Support (CONFIG_SECURITY_CAPABILITIES)
        NSA SELinux Support (CONFIG_SECURITY_SELINUX)
        NSA SELinux Development Support (CONFIG_SECURITY_SELINUX_DEVELOP)
        NSA SELinux boot parameter (CONFIG_SECURITY_SELINUX_BOOTPARAM)

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
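
Added example, not part of the original message or of selinux-doc: a shell check that reports which of the options named in the README excerpt above are not set to "y" in a kernel .config. The function names are hypothetical, and treating only "=y" as enabled is an assumption of this sketch, since the README only says to enable the options.

```shell
#!/bin/sh
# Added example: list the options from the README excerpt that are not
# set to "y" in a kernel .config. Function names are hypothetical.

# selinux_required_opts [FS] prints the option names, one per line.
# FS is EXT2 or EXT3 (the README writes these as CONFIG_EXT[23]_...).
selinux_required_opts() {
    fs=${1:-EXT3}
    cat <<EOF
CONFIG_${fs}_FS_XATTR
CONFIG_${fs}_FS_SECURITY
CONFIG_DEVPTS_FS_XATTR
CONFIG_DEVPTS_FS_SECURITY
CONFIG_SECURITY
CONFIG_SECURITY_NETWORK
CONFIG_SECURITY_CAPABILITIES
CONFIG_SECURITY_SELINUX
CONFIG_SECURITY_SELINUX_DEVELOP
CONFIG_SECURITY_SELINUX_BOOTPARAM
EOF
}

# missing_selinux_opts CONFIG_FILE [FS]
# Prints each required option that is not "=y" in CONFIG_FILE.
# Returns 0 if none are missing, 1 if some are, 2 if the file is unreadable.
missing_selinux_opts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    missing=0
    for opt in $(selinux_required_opts "${2:-EXT3}"); do
        # Anchored match: CONFIG_SECURITY=y must not satisfy
        # CONFIG_SECURITY_SELINUX, and "# CONFIG_X is not set" never matches.
        if ! grep -q "^${opt}=y\$" "$cfg"; then
            echo "$opt"
            missing=1
        fi
    done
    return $missing
}

# Run as: sh check.sh /path/to/.config [EXT2|EXT3]
if [ "$#" -gt 0 ]; then missing_selinux_opts "$@"; fi
```

A tree configured as in the report above, with ext3 built but its xattr and security label handlers left off, would list CONFIG_EXT3_FS_XATTR and CONFIG_EXT3_FS_SECURITY.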




