Major problems after upgrade from FC1

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Jul 14 17:52:45 UTC 2004


On Mon, 12 Jul 2004 13:48:55 EDT, Stephen Smalley <sds at epoch.ncsc.mil>  said:
> On Mon, 2004-07-12 at 13:50, A. Gautier wrote:
> > I am about to pull what little is left of my hair out.  I decided to
> > upgrade from FC1 to FC2 by pointing yum to a FC2 repository and upgrading
> > all packages.  This worked for the most part but I am having massive
> > problems with SELinux.
> 
> If you want to use SELinux, you need to initially label your
> filesystems, which wouldn't occur automatically on an upgrade (vs. a
> clean install).  Run 'fixfiles relabel' from single-user mode and
> reboot.  But if you don't want to use SELinux, you can disable it; put
> SELINUX=disabled in /etc/sysconfig/selinux (or /etc/selinux/config if
> using thte development tree) and be done with it.

Is it time we hacked up /sbin/init to do the following:

   if (selinux_enabled && (getfilecon("/etc") == NULL)) {
        printf("You need to run 'fixfiles relabel'");
        exit(1);
    }

or something similar, so people *know* what they did wrong?

One can also make the security case that if SELinux is disabled,
and init can convince itself the root filesystem isn't labelled, that
it should stop right there as a fail-safe?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040714/f20980da/attachment.bin 


More information about the selinux mailing list