1 |
On Tue, 2003-11-04 at 07:32, Petre Rodan wrote: |
2 |
> On Tue, Nov 04, 2003 at 12:19:35PM +0000, Mike Williams wrote: |
3 |
> > Sorted a normal installation and the followed the quickstart guide word for word. |
4 |
> > Worked like a charm up until just after Code listing 1.12. |
5 |
|
6 |
Ok, right there is a mistake, the policy should be loaded after 1.11. |
7 |
Unlike the old API, setfiles checks with the kernel to see what contexts |
8 |
are valid. If the policy isn't loaded, obviously none of the file |
9 |
contexts are valid. I'll fix the doc. |
10 |
|
11 |
There is also a problem with the error handling of python-selinux with |
12 |
"getfilecon returned an error" in the merging part. Getfilecon is the |
13 |
libselinux function to get a file's context, and it didn't have one. |
14 |
That needs to be handled correctly; Method already knows about it and |
15 |
will be fixing. |
16 |
|
17 |
> this happened to me too, |
18 |
> pls keep in mind that a `make relabel` should be preceded by a `make reload` if you use a selinux-enabled kernel. |
19 |
|
20 |
Was this in a convert from old API or convert from a default Gentoo |
21 |
install? If there is some stuff failing at 2.14 because it doesn't have |
22 |
any valid contexts, then either /selinux isn't mounted, or the policy |
23 |
isn't loaded. If the policy wasn't loaded, the initrd should be |
24 |
checked. |
25 |
|
26 |
-- |
27 |
Chris PeBenito |
28 |
<pebenito@g.o> |
29 |
Developer, SELinux |
30 |
Hardened Gentoo Linux |
31 |
|
32 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
33 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |