SE Linux installer changes needed - was Re: /etc/ld.so.cache and FC4T3

Peter Jones pjones at redhat.com
Mon May 16 15:13:04 UTC 2005


On Mon, 2005-05-16 at 22:45 +1000, Russell Coker wrote:
> On Monday 16 May 2005 22:11, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> > On Mon, 2005-05-16 at 01:06 +1000, Russell Coker wrote:
> > > I've found the problem.
> > >
> > > The domain anaconda_t seems to be unused (we should probably just delete
> > > anaconda.te).  The installation process runs all initial programs from an
> > > initrd (gzip compressed cpio file).  cpio has no support for SE Linux
> > > labels so no domain transitions occur and everything runs in kernel_t. 
> > > Everything that's not in an initrd is in a cramfs file system (which also
> > > has no support for SE Linux labelling).  This means that created files
> > > get the type of the directory - etc_t in the case of /etc/ld.so.cache.
> >
> > initrd or initramfs?  Sounds like the latter from your description.  An
> > initrd should be able to support a labeled filesystem like ext2, unlike
> > initramfs.
> 
> initrd.  Sure an initrd can support ext2 with labels, but that's not being 
> done at the moment and such a significant change is unlikely to be made to 
> the installer in a hurry.

Anaconda has been using initramfs for boot media since November.  Are
you sure you mean initrd?

Regardless of that, why isn't ld.so.cache's context getting set
correctly from the data in the glibc package?
-- 
        Peter
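
The labelling failure discussed in this thread (a file created on an unlabelled filesystem taking its directory's type, `etc_t` for `/etc/ld.so.cache`) can be checked for by comparing on-disk contexts with what policy expects. The script below is an added example, not part of the original thread or of anaconda; the sample data is constructed, and `ld_so_cache_t` as the expected policy type and the `find_inherited` helper name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report files whose SELinux type was
# inherited from the parent directory rather than assigned from policy.

# find_inherited ACTUAL EXPECTED
#   ACTUAL:   "path context" lines, the shape of `stat -c '%n %C' PATH...`
#   EXPECTED: "path context" lines, the shape of `matchpathcon PATH...`
find_inherited() {
    awk '
        function ctx_type(ctx,   f) { split(ctx, f, ":"); return f[3] }
        function parent(path,   p) {
            p = path; sub("/[^/]*$", "", p); return (p == "" ? "/" : p)
        }
        NR == FNR { expected[$1] = ctx_type($2); next }  # first file: policy
        { actual[$1] = ctx_type($2); order[++n] = $1 }   # second file: disk
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in expected) || actual[p] == expected[p]) continue
                dir = parent(p)
                why = "mismatch"
                if ((dir in actual) && actual[dir] == actual[p])
                    why = "inherited-from-parent"
                print p, actual[p], expected[p], why
            }
        }
    ' "$2" "$1"
}

# Constructed sample data; ld_so_cache_t as the policy type is an assumption.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/actual" <<'EOF'
/etc system_u:object_r:etc_t
/etc/ld.so.cache system_u:object_r:etc_t
/etc/passwd system_u:object_r:etc_t
EOF
    cat > "$tmp/expected" <<'EOF'
/etc system_u:object_r:etc_t
/etc/ld.so.cache system_u:object_r:ld_so_cache_t
/etc/passwd system_u:object_r:etc_t
EOF
    find_inherited "$tmp/actual" "$tmp/expected"
    rm -rf "$tmp"
}

demo
```

Each output line gives the path, the type found on disk, the type policy expects, and whether the on-disk type matches the parent directory's.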



