SELinux silently disabled on boot under 2.6.14/2.6.14.2 on FC3 system ?

[rhp]

15-nov-05

Hello Dave, Bill, & Stephen:

Ok. thanks for the information, I can live with that and just use the
2.6.12-FC3 source for any further upgrades in the FC3 kernel rather
than pulling from kernel.org.

Would there be any benefit in installing the rawhide /sbin/init on a
FC3 box ? I'm rather ambivalent about upgrading to FC4 at this point
given FC5 is scheduled for February.

FWIW: I did try booting 'enforcing' with 2.6.14 earlier just to see
what would happen and, if memory serves, I got a kernel panic on 'no
policy loaded' but I didn't pursue it as I got distracted by the
'xattr red herring'

Brgds
Bob


On 11/15/05, Dave Jones <davej at redhat.com> wrote:
> On Mon, Nov 14, 2005 at 12:07:00PM -0500, Bill Nottingham wrote:
>  > CC'ing Dave.
>  >
>  > Stephen Smalley (sds at tycho.nsa.gov) said:
>  > > In rawhide, /sbin/init has been changed to use a libselinux helper
>  > > function to load policy that is more resilient in several respects, and
>  > > I think that the plan was to back port those changes to FC3 if/when a
>  > > 2.6.14 kernel is released for it.
>  >
>  > 2.6.14 for FC3 isn't planned, as far as I know.
>
> Correct. FC3 will stay at 2.6.12 until end of life.
> Any remaining kernel updates will likely be security errata only
> at this point.
>
>  > > FC4 is still ok since there has only
>  > > been one version increment since it was shipped, but will encounter the
>  > > same issue when/if another version increment occurs and the
>  > > corresponding kernel is released for it, so it should also get the
>  > > new /sbin/init and libselinux helper code.
>  >
>  > Hm, OK. We'll probably need poked again if/when that happens.
>
> FC4 will continue to rebase to newer upstream kernels until a few
> months before its end of life. (As has happened with FC3).
>
>                 Dave
>
>


--
rhp.lpt at gmail.com