udev slowness and selinux
Daniel J Walsh
dwalsh at redhat.com
Mon Dec 5 16:56:12 UTC 2005
Stephen Smalley wrote:
> On Fri, 2005-12-02 at 17:50 -0500, Daniel J Walsh wrote:
>
>> Yesterday's policy package wiped out the policy.20 file, on yum update.
>> We are no longer shipping policy.20 in the rpm, and the package post
>> install creates it. Problem is the previous version was shipped with
>> it and wipes it out on its post uninstall. Need to change the trigger
>> on policy package to recreate policy.20.
>>
>> selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site
>> ftp://people.redhat.com/dwalsh/SELinux/Fedora
>>
>> You can also do a
>> semoudle -B /usr/share/selinux/targeted/base.pp to recreate the
>> policy.20 file.
>>
>> Do not reboot until you fix this or else init will crash because you
>> have no policy.
>>
>
> So why is init "crashing" rather than logging a message about the
> failure to load policy and halting cleanly? Bug in libselinux or in
> sysvinit-selinux.patch? I moved aside my policy.20 file to prevent
> loading by init, rebooted with enforcing=0 single, and then ran a
> trivial program that called the libselinux selinux_init_load_policy()
> function under valgrind, and it returned -1 as expected without any
> memory errors being reported, so libselinux seems to handle it
> correctly. Hence, I would have expected init to log the "Enforcing mode
> requested but no policy loaded. Halting now." message (from
> sysvinit-selinux.patch) and then exit normally.
>
>
I think the message is being printed but not being flushed
I am putting a fix in init to make sure message comes out.
More information about the fedora-devel-list
mailing list