| 1 |
I'm pretty overwhelmed by selinux...It doesn't really make all that much |
| 2 |
sense, but one thing that's been bothering me is what looks like a |
| 3 |
policy version mismatch after a kernel upgrade: |
| 4 |
|
| 5 |
# cat /selinux/policyvers |
| 6 |
17 |
| 7 |
|
| 8 |
Yet, |
| 9 |
|
| 10 |
# make load |
| 11 |
* Loading policy.15 |
| 12 |
|
| 13 |
And selinux does not function at all. (Entering enforcing mode just |
| 14 |
renders the system unusable.) The system worked fine in enforcing mode |
| 15 |
(with a few exceptions: djbdns/daemontools, and a few other minor |
| 16 |
things) with kernel 2.6.3-mm2. With kernels 2.6.5-mm1, 2.6.5-mm6 I get |
| 17 |
totally wonky, unpredictable behavior. (Like, I get asked for a login |
| 18 |
context sometimes, but not all the time.) I also don't get avc denied |
| 19 |
messages anymore, and a make relabel doesn't spit out errors, but a |
| 20 |
dmesg (after a make relabel) contains thousands of: |
| 21 |
|
| 22 |
inode_doinit_with_dentry: context_to_sid(system_u:object_r:opt_t) |
| 23 |
returned 22 for dev=md0 ino=96815665 |
| 24 |
|
| 25 |
Any ideas? |
| 26 |
|
| 27 |
Cheers, |
| 28 |
|
| 29 |
jon |
| 30 |
|
| 31 |
-- |
| 32 |
gentoo-hardened@g.o mailing list |
Archives