What severity would this SELinux denial have for the latest kernel?
Jim Cornette
fct-cornette at insight.rr.com
Fri Jan 4 00:58:58 UTC 2008
Tom London wrote:
> On Jan 3, 2008 3:37 PM, Antonio Olivares <olivares14031 at yahoo.com> wrote:
>>
>> --- Jim Cornette <fct-cornette at insight.rr.com> wrote:
>>
>>> I updated the kernel after installing the latest
>>> mkinitrd package and
>>> some errors were reported when pup finished. I also
>>> got the attsched
>>> SELinux error.
>>> The other SELinux error with xdm_var_lib_t was
>>> already mentioned in an
>>> earlier post.
>>>
>>> Jim
>
> This has been reported and is being worked on (per posting on selinux list).
>
> There is a simple workaround that 'works for me': remove the
> improperly installed kernel package (via 'rpm -e' or 'yum remove'),
> change to permissive mode, and redo the install of the kernel package
> (via 'rpm -ivh' or 'yum update'). You can then change back to
> enforcing mode.
>
> This will not prevent the AVC, but the kernel installs properly and boots.
>
> I suspect we will see this fixed in a real short time.
>
> tom
Thanks!
I tried to boot it upon a computer restart. Obviously the error caused
problems. The SELinux errors effected an Fedora 8 kernel in the same way.
Switching to permissive and uninstalling both the latest Fedora 8 kernel
(Need it since /dev/rtc problem and network hang are still a problem
with Fedora 9 kernels) and the latest Fedora 9 kernel hung at /dev/rtc
and then after network was started.
You are right about the logging of errors after setting SELinux to
permissive. There were denials logged for both kernels on re-install.
SELinux errors are fixed fairly fast. The kernel locking (init portion
anyway) and ati driver error are still there with the latest versions.
Jim
More information about the fedora-test-list
mailing list