SE Linux installer changes needed - was Re: /etc/ld.so.cache and FC4T3

Russell Coker russell at coker.com.au
Wed May 18 06:32:02 UTC 2005


On Wednesday 18 May 2005 03:45, Peter Jones <pjones at redhat.com> wrote:
> On Tue, 2005-05-17 at 14:05 +1000, Russell Coker wrote:
> > On Tuesday 17 May 2005 05:35, Jeremy Katz <katzj at redhat.com> wrote:
> > > We never used label'ing of things in the initrd when it was an ext2
> > > image.  The loader explicitly sets the exec context before running
> > > anaconda to be system_u:object_r:anaconda_t if policy doesn't fail to
> > > load.  Look in /tmp/anaconda.log (or tty3) for errors about loading the
> > > policy or setting the context.
> >
> > That's an invalid context.  The correct value should be
> > system_u:system_r:anaconda_t.  The role object_r is only suitable for
> > files on disk.  The kernel does allow setting it though.
>
> Fixed in cvs.

I've discovered the root cause of the problem.  anaconda.te seems to have been 
removed from the targeted policy so there is no anaconda_t domain in the 
policy used for installation.

Ideally we want anaconda.te included in the policy for installation but 
excluded from the policy used for running the system.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




More information about the fedora-devel-list mailing list