install of kernel-2.6.7-1.492: mkinitrd fails in strict/enforcing .......

Russell Coker russell at coker.com.au
Sat Jul 17 01:39:43 UTC 2004


> To fix, I'd suggest adding getattr to any allow rule where read
> permission is granted in bootloader.te, or replacing uses of "read" with
> the r_file_perms macro.

The attached patch is needed to make it complete.  However this is something 
we may want to reconsider, currently we don't include policy in the initrd so 
bootloader_t has no need to read it.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-diff
Size: 509 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040717/e52b0b4c/attachment.bin 


More information about the selinux mailing list