[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: What severity would this SELinux denial have for the latest kernel?

Tom London wrote:
On Jan 3, 2008 3:37 PM, Antonio Olivares <olivares14031 yahoo com> wrote:

--- Jim Cornette <fct-cornette insight rr com> wrote:

I updated the kernel after installing the latest
mkinitrd package and
some errors were reported when pup finished. I also
got the attsched
SELinux error.
The other SELinux error with xdm_var_lib_t was
already mentioned in an
earlier post.


This has been reported and is being worked on (per posting on selinux list).

There is a simple workaround that 'works for me': remove the
improperly installed kernel package (via 'rpm -e' or 'yum remove'),
change to permissive mode, and redo the install of the kernel package
(via 'rpm -ivh' or 'yum update'). You can then change back to
enforcing mode.

This will not prevent the AVC, but the kernel installs properly and boots.

I suspect we will see this fixed in a real short time.



I tried to boot it upon a computer restart. Obviously the error caused problems. The SELinux errors effected an Fedora 8 kernel in the same way. Switching to permissive and uninstalling both the latest Fedora 8 kernel (Need it since /dev/rtc problem and network hang are still a problem with Fedora 9 kernels) and the latest Fedora 9 kernel hung at /dev/rtc and then after network was started. You are right about the logging of errors after setting SELinux to permissive. There were denials logged for both kernels on re-install.

SELinux errors are fixed fairly fast. The kernel locking (init portion anyway) and ati driver error are still there with the latest versions.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]