Kernel 2.6.14-1.1653 & selinux 1.27.1.-2.16
Stephen Smalley
sds at tycho.nsa.gov
Mon Jan 30 15:30:50 UTC 2006
On Mon, 2006-01-30 at 13:47 +0200, G Jahchan wrote:
> I have not had time to do much testing, but first indications are that
> incorrect labeling was the culprit.
>
> I initiated a boot-time relabeling. When done, I restarted the system (in
> permissive mode), switched to enforcing mode (/usr/sbin/setenforce 1) and was
> able to log in normally from tty1, (while su'd as root in tty0) though there
> are plenty of 'avc: denied' messages in /var/log/messages and
> /var/log/audit/audit.log) that I need to look at.
>
> I still have the problem of reported Boolean errors that are scrolling too fast
> to read as selinux loads at boot time, and do not seem to be logged anywhere.
> Can you help with those? All I was able to make up from the fast-scrolling
> display is the word 'mozilla' repeated four or five times in an error message,
> followed by a Boolean error message.
Likely just stale boolean settings in your booleans.local file, which
are just skipped with a warning. To reproduce, run:
/usr/sbin/load_policy -b /etc/selinux/targeted/policy/policy.19
If you have any "boolean ... no longer in policy" messages, just remove
those lines from your /etc/selinux/targeted/booleans.local file.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list