SE Linux installer changes needed - was Re: /etc/ld.so.cache and FC4T3

Jeremy Katz katzj at redhat.com
Mon May 16 19:35:26 UTC 2005


On Mon, 2005-05-16 at 01:06 +1000, Russell Coker wrote:
> The domain anaconda_t seems to be unused (we should probably just delete 
> anaconda.te).  The installation process runs all initial programs from an 
> initrd (gzip compressed cpio file).  cpio has no support for SE Linux labels 
> so no domain transitions occur and everything runs in kernel_t.  Everything 
> that's not in an initrd is in a cramfs file system (which also has no support 
> for SE Linux labelling).  This means that created files get the type of the 
> directory - etc_t in the case of /etc/ld.so.cache.

We never used labeling of things in the initrd when it was an ext2
image.  The loader explicitly sets the exec context before running
anaconda to be system_u:object_r:anaconda_t if policy doesn't fail to
load.  Look in /tmp/anaconda.log (or tty3) for errors about loading the
policy or setting the context.

Jeremy



