[fedora-arm] SELinux on F11 on ARM (in QEMU)?

Per Nystrom pnystrom at netmagic.net
Fri Oct 23 16:14:56 UTC 2009


On Thu, 2009-10-22 at 21:54 -0700, Per Nystrom wrote:
> On Thu, 2009-10-22 at 15:20 -0400, Steve Grubb wrote:
> > On Thursday 22 October 2009 12:56:02 pm Steve Grubb wrote:
> > > > To begin with let us at least keep the patch around/accessible. If it
> > > > works for you, I'll spin a pre-built fc11/fc12 rpm with that patch for
> > > > users to pick up.
> > > 
> > > It might be possible to port the patch to upstart. This is the
> > > patch in question:
> > 
> > Here's a srpm for anyone that wants to try this out.
> > 
> > http://people.redhat.com/sgrubb/files/upstart-0.3.11-2.fc11.src.rpm
> > 
> > No idea if it loads policy, but my system still boots with the patch applied. 
> > (I don't have a kernel with selinux enabled.)
> > 
> 
> Thanks Steve.  I'll try to find some time to fiddle with it this weekend
> and report back.

I couldn't wait for the weekend.  I compiled and installed your patched
srpm and I think we're making progress.  But now I get a whole lot of
messages like below during boot and then it comes up in maintenance
mode.  From within maintenance mode I can do this:

(Repair filesystem) 1 # sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 24
Policy from config file:        targeted

But I have nothing in /dev/ except console, null, and zero so I can't
actually fsck root.  Not that it really needs it -- when I reboot with
selinux=0 it comes up normally and with a clean root filesystem.

So I can confirm that the patch doesn't break anything if selinux is
disabled, but we're not quite there yet for selinux without initrd.

Thanks again,
Per

-----

		Welcome to Fedora 
		Press 'I' to enter interactive startup.
Starting udev: mount: wrong fs type, bad option, bad superblock on none,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might
       need a /sbin/mount.<type> helper program)
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

mkdir: cannot create directory `/dev/pts': Read-only file system
mkdir: cannot create directory `/dev/shm': Read-only file system
ln: creating symbolic link `/dev/fd': Read-only file system
ln: creating symbolic link `/dev/stdin': Read-only file system
ln: creating symbolic link `/dev/stdout': Read-only file system
ln: creating symbolic link `/dev/stderr': Read-only file system
ln: creating symbolic link `/dev/core': Read-only file system
mkdir: cannot create directory `/dev/pts': Read-only file system
mkdir: cannot create directory `/dev/shm': Read-only file system
ln: creating symbolic link `/dev/MAKEDEV': Read-only file system
mkdir: cannot create directory `/dev/net': Read-only file system
/bin/mknod: `/dev/loop0': Read-only file system
/bin/chown: cannot access `/dev/loop0': No such file or directory
/bin/mknod: `/dev/loop1': Read-only file system
/bin/chown: cannot access `/dev/loop1': No such file or directory
/bin/mknod: `/dev/loop2': Read-only file system
/bin/chown: cannot access `/dev/loop2': No such file or directory
/bin/mknod: `/dev/loop3': Read-only file system
/bin/chown: cannot access `/dev/loop3': No such file or directory
/bin/mknod: `/dev/loop4': Read-only file system
/bin/chown: cannot access `/dev/loop4': No such file or directory
/bin/mknod: `/dev/loop5': Read-only file system
/bin/chown: cannot access `/dev/loop5': No such file or directory
/bin/mknod: `/dev/loop6': Read-only file system
/bin/chown: cannot access `/dev/loop6': No such file or directory
/bin/mknod: `/dev/loop7': Read-only file system
/bin/chown: cannot access `/dev/loop7': No such file or directory
/bin/mknod: `/dev/net/tun': No such file or directory
/bin/chown: cannot access `/dev/net/tun': No such file or directory
/bin/mknod: `/dev/ppp': Read-only file system
/bin/chown: cannot access `/dev/ppp': No such file or directory
/bin/mknod: `/dev/lp0': Read-only file system
/bin/chown: cannot access `/dev/lp0': No such file or directory
/bin/mknod: `/dev/lp1': Read-only file system
/bin/chown: cannot access `/dev/lp1': No such file or directory
/bin/mknod: `/dev/lp2': Read-only file system
/bin/chown: cannot access `/dev/lp2': No such file or directory
/bin/mknod: `/dev/lp3': Read-only file system
/bin/chown: cannot access `/dev/lp3': No such file or directory
/sbin/restorecon:  stat error on /dev/loop0:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop1:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop2:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop3:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop4:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop5:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop6:  No such file or directory
/sbin/restorecon:  stat error on /dev/loop7:  No such file or directory
/sbin/restorecon:  stat error on /dev/net/tun:  No such file or directory
/sbin/restorecon:  stat error on /dev/ppp:  No such file or directory
/sbin/restorecon:  stat error on /dev/lp0:  No such file or directory
/sbin/restorecon:  stat error on /dev/lp1:  No such file or directory
/sbin/restorecon:  stat error on /dev/lp2:  No such file or directory
/sbin/restorecon:  stat error on /dev/lp3:  No such file or directory
udevd[413]: rmdir(/dev/.udev) failed: Read-only file system

udevd[413]: rmdir(/dev/.udev) failed: Read-only file system

udevd-event[450]: unable to create db file '/dev/.udev/db/\x2fdevices
\x2fdev:e8\x2frtc\x2frtc0': No such file or directory

..... many, many more udevd-event messages of the same type




