AW: Re: ext3 Filessyten in FC5-Test incompatible with other FC or RHEL versions
Stephen Smalley
sds at tycho.nsa.gov
Thu Dec 22 15:47:56 UTC 2005
On Thu, 2005-12-22 at 09:49 -0500, Stephen Smalley wrote:
> In FC5, the security contexts have been extended with an additional
> field for the Multi-Category Security (MCS) and Multi-Level Security
> (MLS) support, see
> http://www.livejournal.com/users/james_morris/5583.html
> and
> http://www.livejournal.com/users/james_morris/5020.html
>
> Older SELinux kernels with MLS support disabled (i.e. RHEL4/CentOS4,
> FC3, older FC4 kernels) will reject the extended security contexts as
> being invalid, which yields the error you are seeing. Some
> compatibility patches were upstreamed to help with this problem, and I
> think that they went into the latest FC4 kernel update, but I'm not sure
> about RHEL4 yet.
BTW, the MLS compatibility patch can't just be applied to the
RHEL4/CentOS4 kernel as is (the patch would have no real effect by
itself), because it depends on a prior patch that mainstreamed the MLS
code (turning it from a compile-time option that was disabled in RHEL4
to a load-time option). The MLS code isn't even built into the RHEL4
kernel currently. So the patch would have to be reworked for it.
--
Stephen Smalley
National Security Agency
More information about the test
mailing list