Humpty Dumpty - some successes

Richard Hally rhally at mindspring.com
Wed May 5 09:01:01 UTC 2004 

Bob Gustafson wrote:

snip


> 
> ----- I do have a few questions though - some may be OT -----
> 
> Yum must have a different header cache as the command line below refetched
> a lot of header files. The sources file for my up2date contains 'yum' lines
> - why is it not the same cache.
> 

yes, different designs and history. yum cache is /var/cache/yum/. 
up2date is /var/spool/up2date/.



> [root at hoho2 user1]# yum install setools*
> 

you usually need to escape the *  ...setools\*


snip

> 
> Seems to be a problem with the sound card stuff - even though it is not
> enforcing at the moment. It worked before SELinux.
> 
The sound card thing may be independent of SELinux but related to 
whether you did a fresh install or just did updates.




> --- Note that it really is enforcing ---
> 
>   [user1 at hoho2 user1]$ od -c /selinux/enforce
>   0000000   1
>   0000001
>   [user1 at hoho2 user1]$
> 
> --- However the /etc/sysconfig/selinux file still says 'disabled'
> 
>   [root at hoho2 user1]# cat /etc/sysconfig/selinux
>   # This file controls the state of SELinux on the system.
>   # SELINUX= can take one of these three values:
>   #       enforcinfg - SELinux security policy is enforced.
>   #       permissive - SELinux prints warnings instead of enforcing.
>   #       disabled - No SELinux policy is loaded.
>   SELINUX=disabled
>   [root at hoho2 user1]# date
>   Tue May  4 20:35:31 CDT 2004
>   [root at hoho2 user1]#
> 
> (Note typo in the enforcing line of this file)


> Maybe the grub kernel line overrides whatever is in this file? Perhaps the
> information in this file controls the boot situation when there is no
> additional boot grub parameter?
> 

Yes, the kernel line overrides the /etc/sysconfig/selinux. Correct on 
the second part also.



> up2date does not work with enforcing=1


I haven't tried up2date in a while. Yum works for me in enforcing mode.


> 
> I noticed that there were a bunch more update files available, so I
> installed all (including the 349 kernel), and then rebooted with enforcing=1

with the 349 kernel check if you are actually "enforcing" with the 
getenforce command(or cat /selinux/enforce). Change on the fly with 
setenforce [0|1].



HTH
Richard Hally

More information about the fedora-selinux-list mailing list