udev slowness and selinux
Stephen Smalley
sds at tycho.nsa.gov
Mon Dec 5 13:23:52 UTC 2005
On Fri, 2005-12-02 at 17:50 -0500, Daniel J Walsh wrote:
> Yesterday's policy package wiped out the policy.20 file, on yum update.
> We are no longer shipping policy.20 in the rpm, and the package post
> install creates it. Problem is the previous version was shipped with
> it and wipes it out on its post uninstall. Need to change the trigger
> on policy package to recreate policy.20.
>
> selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site
> ftp://people.redhat.com/dwalsh/SELinux/Fedora
>
> You can also do a
> semodule -B /usr/share/selinux/targeted/base.pp to recreate the
> policy.20 file.
>
> Do not reboot until you fix this or else init will crash because you
> have no policy.
So why is init "crashing" rather than logging a message about the
failure to load policy and halting cleanly? Bug in libselinux or in
sysvinit-selinux.patch? I moved aside my policy.20 file to prevent
loading by init, rebooted with enforcing=0 single, and then ran a
trivial program that called the libselinux selinux_init_load_policy()
function under valgrind, and it returned -1 as expected without any
memory errors being reported, so libselinux seems to handle it
correctly. Hence, I would have expected init to log the "Enforcing mode
requested but no policy loaded. Halting now." message (from
sysvinit-selinux.patch) and then exit normally.
--
Stephen Smalley
National Security Agency
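
The check described in the message above, as an added example that is not part of the original post and is not code from libselinux or sysvinit-selinux.patch: a probe that calls selinux_init_load_policy() and turns the result into a logged, clean exit. The helper names, the dlopen() lookup of libselinux.so.1 and the non-halting message texts are assumptions made for this sketch; the halt message is the one quoted in the post.

```c
#include <dlfcn.h>
#include <stdio.h>

enum boot_action { BOOT_CONTINUE, BOOT_CONTINUE_NO_POLICY, BOOT_HALT };

/* Hypothetical helper: what a caller such as init does with the load result. */
enum boot_action decide_boot_action(int load_rc, int enforce)
{
    if (load_rc == 0)
        return BOOT_CONTINUE;           /* policy loaded */
    if (enforce > 0)
        return BOOT_HALT;               /* enforcing requested, no policy */
    return BOOT_CONTINUE_NO_POLICY;     /* permissive or disabled */
}

/* Hypothetical helper: one log line per outcome. */
const char *boot_action_message(enum boot_action a)
{
    switch (a) {
    case BOOT_HALT:
        return "Enforcing mode requested but no policy loaded. Halting now.";
    case BOOT_CONTINUE_NO_POLICY:
        return "Policy load failed; continuing without enforcement.";
    default:
        return "Policy loaded.";
    }
}

int main(void)
{
    /* Resolve at run time so the probe builds without libselinux headers. */
    void *lib = dlopen("libselinux.so.1", RTLD_NOW);
    if (!lib) { fprintf(stderr, "libselinux not available: %s\n", dlerror()); return 2; }
    int (*load_policy)(int *) = (int (*)(int *))dlsym(lib, "selinux_init_load_policy");
    if (!load_policy) { fprintf(stderr, "symbol missing: %s\n", dlerror()); return 2; }

    int enforce = 0;
    int rc = load_policy(&enforce);     /* the post reports -1 with policy.20 moved aside */
    enum boot_action a = decide_boot_action(rc, enforce);
    fprintf(stderr, "rc=%d enforce=%d: %s\n", rc, enforce, boot_action_message(a));
    dlclose(lib);
    return a == BOOT_HALT ? 1 : 0;      /* logged, clean exit instead of a crash */
}
```

Running it performs a real policy load attempt, so use it as the post does: as root on a test machine booted with enforcing=0 single, optionally under valgrind.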