Kernel + Selinux + Udev + selinux=0
"Jóhann B. Guðmundsson"
johannbg at hi.is
Tue Mar 4 09:21:55 UTC 2008
Yuan Yijun wrote:
> 2008/3/4, Johann B. Gudmundsson <johannbg at hi.is>:
>
>> Anyone else noticing this...
>>
>> The kernels get stuck at UDEV loading...
>>
>> kernel-2.6.25-0.82.rc3.git2.fc9.i686
>> kernel-2.6.25-0.73.rc3.git1.fc9.i686
>>
>> Have selinux disabled in /etc/selinux/config...
>> and the kernel get stuck at UDEV
>>
>> But if I pass the selinux=0 kernel parameter
>> to the kernel(s) they load just fine..
>>
>> Best regards.
>> Johann B.
>>
>> PS. the radeon driver sorta works now for [ Mobility Radeon X300]
>> had to switch to vesa driver with the previous version to get into X
>> It does not offer correct resolution for my screen though
>> ( Dell inspiron 6000/Dell 1600x1200/Driver/Display only offers/
>> 1680x1050 )
>> xorg-x11-drv-ati-6.8.0-3.fc9.i386
>>
>>
>>
>
> Boot a second time and it will be fine, I have met with this several times.
>
> BTW, I find that one must have selinux=enforcing when installing
> kernel. I started with selinux=0, and changed /etc/sysconfig/selinux
> to permissive, then reboot to single mode, relabel, setenforce 1, then
> install the kernel, change /etc/sysconfig/selinux to enforcing and
> reboot: that fixes boot problem for ever.
>
> I have a problem that how to specify selinux=permissive at grub
> prompt, when /etc/sysconfig/selinux=enforcing?
>
>
>
>
Selinux related Kernel Parameters..
autorelabel=1 # Forces system to relabel
enforcing=0 #Sets selinux to Permissive (log only, no denials).
Yuan the above is what you want selinux=permissive does not exist..
enforcing=1 # Sets selinux to Enforcing (deny and log).
selinux=0 # THIS IS NOT SAME AS ENFORCING this will cause
the kernel to not load any of the selinux infrastructure hence files that
are created at boot time will not get a label and are market as file_t (
Unlabeled file).
After booting with selinux=0 make sure that you do "touch /.autorelabel"
( This should be done by default but hey this is rawhide we are talking
about :) )
or better yet do "echo 0 > /selinux/enforce && fixfiles relabel " or on
next reboot
pass the "enforcing=0 autorelabel=1" to the kernel.
( That is if you are gonna run selinux in either permissive or enforcing
mode )
selinux=1 # Turns the selinux infrastructure on ( Default )...
selinux_compat_net=0 # Sets selinux to use new secmark-based packet
controls ( default )
selinux_compat_net=1 # Sets selinux to use legacy packet controls
If you wanna change the value of selinux at runtime do....
echo 0 > /selinux/enforce # Sets selinux in permissive mode
echo 1 > /selinux/enforce #Sets selinux to enforce again..
For compat_net do..
echo 0 > /selinux/compat_net # secmark-based packet controls
echo 1 > /selinux/compat_net # legacy packet controls
To get the status of selinux use "getenforce"
To permanently change the status of selinux either edit
/etc/selinux/config manually ( disabled,permissive,enabled )
or use setenforce=0 ( permissive ) or setenforce=1 (enabled )
or set kernel parameters to grub.conf
Best regards
Johann B.
PS. Could somebody put this on the wiki --> Testers page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: johannbg.vcf
Type: text/x-vcard
Size: 381 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20080304/31696769/attachment.vcf>
More information about the fedora-test-list
mailing list