Re: SELinux silently disabled on boot under 2.6.14/2.6.14.2 on FC3 system ?
15-nov-05
Hello Dave, Bill, & Stephen:
Ok. thanks for the information, I can live with that and just use the
2.6.12-FC3 source for any further upgrades in the FC3 kernel rather
than pulling from kernel.org.
Would there be any benefit in installing the rawhide /sbin/init on a
FC3 box ? I'm rather ambivalent about upgrading to FC4 at this point
given FC5 is scheduled for February.
FWIW: I did try booting 'enforcing' with 2.6.14 earlier just to see
what would happen and, if memory serves, I got a kernel panic on 'no
policy loaded' but I didn't pursue it as I got distracted by the
'xattr red herring'
Brgds
Bob
On 11/15/05, Dave Jones <davej(a)redhat.com> wrote:
On Mon, Nov 14, 2005 at 12:07:00PM -0500, Bill Nottingham wrote:
> CC'ing Dave.
>
> Stephen Smalley (sds(a)tycho.nsa.gov) said:
> > In rawhide, /sbin/init has been changed to use a libselinux helper
> > function to load policy that is more resilient in several respects, and
> > I think that the plan was to back port those changes to FC3 if/when a
> > 2.6.14 kernel is released for it.
>
> 2.6.14 for FC3 isn't planned, as far as I know.
Correct. FC3 will stay at 2.6.12 until end of life.
Any remaining kernel updates will likely be security errata only
at this point.
> > FC4 is still ok since there has only
> > been one version increment since it was shipped, but will encounter the
> > same issue when/if another version increment occurs and the
> > corresponding kernel is released for it, so it should also get the
> > new /sbin/init and libselinux helper code.
>
> Hm, OK. We'll probably need poked again if/when that happens.
FC4 will continue to rebase to newer upstream kernels until a few
months before its end of life. (As has happened with FC3).
Dave
--
rhp.lpt(a)gmail.com