avc denied gone after reboot
Nicolas Mailhot
nicolas.mailhot at laposte.net
Fri Jan 27 16:51:53 UTC 2006
On Fri, 27 January 2006 17:29, Steve Brueckner wrote:
> I'm creating an SELinux-enabled Xen VM on FC4. I create the file system for
> the VM by copying the filesystem from the underlying host. For the very
> first boot of the VM, I have it /.autorelabel. However, when I then try to
> install an rpm inside the VM I get an avc denied, even though I can install
> the same rpm on the underlying host just fine. Even stranger, if I reboot
> the VM once, I then have no problem installing the rpm inside of it.
I strongly suspect autorelabel is WAY BROKEN right now, meaning in many
cases after a relabel the system should reboot but doesn't (i.e. the new
policy is not effective after the relabeling before a reboot has occurred;
in fact I wonder what exact policy mashup applies till then).
This could be related to
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178125
I haven't had the time to do a complete investigation. I may be totally
wrong, but that's how things look from here.
--
Nicolas Mailhot