[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-selinux-list
Subject:    RE: Kernel 2.6.14-1.1653 & selinux 1.27.1.-2.16
From:       Stephen Smalley <sds () tycho ! nsa ! gov>
Date:       2006-01-30 15:30:50
Message-ID: 1138635050.7076.52.camel () moss-spartans ! epoch ! ncsc ! mil
[Download RAW message or body]

On Mon, 2006-01-30 at 13:47 +0200, G Jahchan wrote:
> I have not had time to do much testing, but first indications are that
> incorrect labeling was the culprit.
> 
> I initiated a boot-time relabeling. When done, I restarted the system (in
> permissive mode), switched to enforcing mode (/usr/sbin/setenforce 1) and was
> able to log in normally from tty1, (while su'd as root in tty0) though there
> are plenty of 'avc:  denied' messages in /var/log/messages and
> /var/log/audit/audit.log) that I need to look at.
> 
> I still have the problem of reported Boolean errors that are scrolling too fast
> to read as selinux loads at boot time, and do not seem to be logged anywhere.
> Can you help with those? All I was able to make up from the fast-scrolling
> display is the word 'mozilla' repeated four or five times in an error message,
> followed by a Boolean error message.

Likely just stale boolean settings in your booleans.local file, which
are just skipped with a warning.  To reproduce, run:
/usr/sbin/load_policy -b /etc/selinux/targeted/policy/policy.19

If you have any "boolean ... no longer in policy" messages, just remove
those lines from your /etc/selinux/targeted/booleans.local file.  

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[prev in list] [next in list] [prev in thread] [next in thread]