[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Major problems after upgrade from FC1



On Mon, 12 Jul 2004 13:48:55 EDT, Stephen Smalley <sds epoch ncsc mil>  said:
> On Mon, 2004-07-12 at 13:50, A. Gautier wrote:
> > I am about to pull what little is left of my hair out.  I decided to
> > upgrade from FC1 to FC2 by pointing yum to a FC2 repository and upgrading
> > all packages.  This worked for the most part but I am having massive
> > problems with SELinux.
> 
> If you want to use SELinux, you need to initially label your
> filesystems, which wouldn't occur automatically on an upgrade (vs. a
> clean install).  Run 'fixfiles relabel' from single-user mode and
> reboot.  But if you don't want to use SELinux, you can disable it; put
> SELINUX=disabled in /etc/sysconfig/selinux (or /etc/selinux/config if
> using thte development tree) and be done with it.

Is it time we hacked up /sbin/init to do the following:

   if (selinux_enabled && (getfilecon("/etc") == NULL)) {
        printf("You need to run 'fixfiles relabel'");
        exit(1);
    }

or something similar, so people *know* what they did wrong?

One can also make the security case that if SELinux is disabled,
and init can convince itself the root filesystem isn't labelled, that
it should stop right there as a fail-safe?

Attachment: pgp00010.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]