[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Humpty Dumpty - some successes

From: Richard Hally <rhally mindspring com>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Re: Humpty Dumpty - some successes
Date: Wed, 05 May 2004 05:01:01 -0400

Bob Gustafson wrote:

snip

----- I do have a few questions though - some may be OT -----

Yum must have a different header cache as the command line below refetched
a lot of header files. The sources file for my up2date contains 'yum' lines
- why is it not the same cache.

yes, different designs and history. yum cache is /var/cache/yum/. up2date is /var/spool/up2date/.

[root hoho2 user1]# yum install setools*

you usually need to escape the * ...setools\*

snip


Seems to be a problem with the sound card stuff - even though it is not
enforcing at the moment. It worked before SELinux.

The sound card thing may be independent of SELinux but related to whether you did a fresh install or just did updates.

--- Note that it really is enforcing ---

  [user1 hoho2 user1]$ od -c /selinux/enforce
  0000000   1
  0000001
  [user1 hoho2 user1]$

--- However the /etc/sysconfig/selinux file still says 'disabled'

  [root hoho2 user1]# cat /etc/sysconfig/selinux
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  #       enforcinfg - SELinux security policy is enforced.
  #       permissive - SELinux prints warnings instead of enforcing.
  #       disabled - No SELinux policy is loaded.
  SELINUX=disabled
  [root hoho2 user1]# date
  Tue May  4 20:35:31 CDT 2004
  [root hoho2 user1]#

(Note typo in the enforcing line of this file)

Maybe the grub kernel line overrides whatever is in this file? Perhaps the
information in this file controls the boot situation when there is no
additional boot grub parameter?

Yes, the kernel line overrides the /etc/sysconfig/selinux. Correct on the second part also.

up2date does not work with enforcing=1

I haven't tried up2date in a while. Yum works for me in enforcing mode.


I noticed that there were a bunch more update files available, so I
installed all (including the 349 kernel), and then rebooted with enforcing=1

with the 349 kernel check if you are actually "enforcing" with the getenforce command(or cat /selinux/enforce). Change on the fly with setenforce [0|1].

HTH
Richard Hally

Follow-Ups:
- Re: Humpty Dumpty - some successes
  - From: Bob Gustafson

References:
- Humpty Dumpty
  - From: Bob Gustafson
- Re: Humpty Dumpty - some successes
  - From: Bob Gustafson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]