| 1 |
On Tue, 2003-11-04 at 07:32, Petre Rodan wrote: |
| 2 |
> On Tue, Nov 04, 2003 at 12:19:35PM +0000, Mike Williams wrote: |
| 3 |
> > Sorted a normal installation and the followed the quickstart guide word for word. |
| 4 |
> > Worked like a charm up until just after Code listing 1.12. |
| 5 |
|
| 6 |
Ok, right there is a mistake, the policy should be loaded after 1.11. |
| 7 |
Unlike the old API, setfiles checks with the kernel to see what contexts |
| 8 |
are valid. If the policy isn't loaded, obviously none of the file |
| 9 |
contexts are valid. I'll fix the doc. |
| 10 |
|
| 11 |
There is also a problem with the error handling of python-selinux with |
| 12 |
"getfilecon returned an error" in the merging part. Getfilecon is the |
| 13 |
libselinux function to get a file's context, and it didn't have one. |
| 14 |
That needs to be handled correctly; Method already knows about it and |
| 15 |
will be fixing. |
| 16 |
|
| 17 |
> this happened to me too, |
| 18 |
> pls keep in mind that a `make relabel` should be preceded by a `make reload` if you use a selinux-enabled kernel. |
| 19 |
|
| 20 |
Was this in a convert from old API or convert from a default Gentoo |
| 21 |
install? If there is some stuff failing at 2.14 because it doesn't have |
| 22 |
any valid contexts, then either /selinux isn't mounted, or the policy |
| 23 |
isn't loaded. If the policy wasn't loaded, the initrd should be |
| 24 |
checked. |
| 25 |
|
| 26 |
-- |
| 27 |
Chris PeBenito |
| 28 |
<pebenito@g.o> |
| 29 |
Developer, SELinux |
| 30 |
Hardened Gentoo Linux |
| 31 |
|
| 32 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 33 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives