Invalid context?

[Tom Mitchell]

On Sun, May 09, 2004 at 01:06:25AM -0700, Tom Mitchell wrote:
> On Wed, May 05, 2004 at 04:47:04PM -0400, Wayne Steenburg wrote:
> > On Tue, 2004-05-04 at 23:16, Joshua Adam Ginsberg wrote:
> > > Hello --
> > > 
> > > I must admit I'm a bit of a newbie when it comes to SELinux, but every
> > > time I try to install a package, I get about a hundred lines of
> > > "/etc/security/selinux/file_contexts:  invalid context foo on line
> > > number ###" with foo and ### different on each line. From reading the
> > > archives, I gather I can boot with selinux=0 to avert the problem, but I
> > > also gather that wouldn't be desirable. This is a brand, spankin' new
> > > installation of FC2T3, so I'm wondering if I've done something wrong or
> > > are doing something wrong. Thanks!
> > > 
> > The selinux=0 kernel option is not supported as of 2.6.5-1.349 . 
> > Setting SELINUX=disabled in /etc/sysconfig/selinux is the "new and
> > improved" way :)
> 
> How...
> 
>    # rpm -q --whatprovides /etc/sysconfig/selinux
>    file /etc/sysconfig/selinux is not owned by any package
> 
> does this file get built I see no obvious clue running 2.6.5-1.356?

After a clean install the file /etc/sysconfig/selinux exists.

It has the following default content:

    [root at xyz sysconfig]# cat selinux
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcinfg - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled

I suspect that there is one typo in it ;-)

Now to look at the CDROMs and discover how it is generated.

If the system has never run in enforcing mode or if
it has been run disabled for any length of time.
First set to permissive so all the context is active 
to run "fixfiles relabel".



-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.