Gene C. wrote:
On Friday 02 December 2005 14:20, Nicolas Mailhot wrote:
Le vendredi 02 décembre 2005 à 14:17 -0500, Stephen Smalley a écrit :
It isn't the number of nodes in /dev; it is the number of entries in file_contexts. And the slowdown should be improved/eliminated with recent changes in libselinux (1.27.28); let us know if it isn't. There are two changes in libselinux, one of which will have immediate benefit without requiring any changes to udev, and the other of which requires a small change to udev to take advantage of.
BTW today's rawhide segfaults on boot if run in enforcing mode
checkpolicy-1.27.19-1 selinux-policy-targeted-2.0.7-2 audit-1.1.1-1 audit-libs-1.1.1-1 audit-libs-1.1.1-1 libselinux-1.27.28-1 libselinux-1.27.28-1 libsepol-1.9.41-1 libsepol-1.9.41-1 libsemanage-1.3.61-1
Adding selinux=false to the boot arguments rescues the system
I also see a kernel panic after today's updates if selinux=enforcing
Reboot selinux=false single and change to selinux=permissive gets things working again.
Yesterday's policy package wiped out the policy.20 file, on yum update. We are no longer shipping policy.20 in the rpm, and the package post install creates it. Problem is the previous version was shipped with it and wipes it out on its post uninstall. Need to change the trigger on policy package to recreate policy.20.
selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site ftp://people.redhat.com/dwalsh/SELinux/Fedora
You can also do a semoudle -B /usr/share/selinux/targeted/base.pp to recreate the policy.20 file.
Do not reboot until you fix this or else init will crash because you have no policy.