stock kernel compile and run on FC3
Russell Coker
russell at coker.com.au
Tue Aug 17 09:58:51 UTC 2004
On Tue, 17 Aug 2004 15:54, "Lee Connell" <lee_connell at hotmail.com> wrote:
> I have extracted the kernel source from SRPMS and also used the shipped
> config for my architecture. I compiled the kernel using stock kernel and
> config. everything went well, until i went too boot into my machine using
> the new kernel. I get the following error:
>
> -Enforcing mode requested but no policy loaded. Halting now.
> Kernel panic: attempted to kill init.
The problem is that FC3 has kernel 2.6.7 with a patch from the NSA site to
give policy V18, and the policy compile scripts compile V18 policy. A stock
2.6.7 kernel has policy V17 which is not to be found.
The best thing to do is to just get the patch from the NSA web site to give
2.6.7 support for V18 policy, then things should just work.
It is possible to use the "-c 17" option to checkpolicy to produce a V17
policy. You could modify the Makefile for your policy (if you have
checkpolicy and the policy source installed) to do this. But it's probably
easier to just patch your kernel or use kernel 2.6.8.1 which has the patch
included.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-test-list
mailing list