1 |
François Valenduc a écrit : |
2 |
> Andrew John Hughes a écrit : |
3 |
> |
4 |
>> 2009/9/10 François Valenduc <francois.valenduc@××××××××××.be>: |
5 |
>> |
6 |
>> |
7 |
>>> Andrew John Hughes a écrit : |
8 |
>>> |
9 |
>>> |
10 |
>>>> 2009/9/5 François Valenduc <francois.valenduc@××××××××××.be>: |
11 |
>>>> |
12 |
>>>> |
13 |
>>>> |
14 |
>>>>> Magnus Granberg a écrit : |
15 |
>>>>> |
16 |
>>>>> |
17 |
>>>>> |
18 |
>>>>>> On Saturday 05 September 2009 12.17.00 François Valenduc wrote: |
19 |
>>>>>> |
20 |
>>>>>> |
21 |
>>>>>> |
22 |
>>>>>> |
23 |
>>>>>>> Hello everybody, |
24 |
>>>>>>> |
25 |
>>>>>>> I have recently swicth my SElinux install from ext3 to ext4 and after |
26 |
>>>>>>> having changed the rlpkq script to also relabel ext4 filesystems, I get |
27 |
>>>>>>> the following errors: |
28 |
>>>>>>> /usr/sbin/setfiles set context |
29 |
>>>>>>> /usr/sbin/setfilecon->system_u:object_r:bin_t failed:'Operation not |
30 |
>>>>>>> supported' |
31 |
>>>>>>> However, I have enabled Ext4 Security labels in the kernel configuration. |
32 |
>>>>>>> |
33 |
>>>>>>> Does anybody know a solution to this problem ? |
34 |
>>>>>>> Thanks in advance for your help. |
35 |
>>>>>>> |
36 |
>>>>>>> François Valenduc |
37 |
>>>>>>> |
38 |
>>>>>>> |
39 |
>>>>>>> |
40 |
>>>>>>> |
41 |
>>>>>> You need to update to policycoreutils-2.0.69 to get ext4 support. |
42 |
>>>>>> See bug #275369 http://bugs.gentoo.org/show_bug.cgi?id=275369 |
43 |
>>>>>> ------ |
44 |
>>>>>> Hardened-Development Overlay |
45 |
>>>>>> Magnus Granberg (Zorry) <zorry@×××.nu> |
46 |
>>>>>> |
47 |
>>>>>> |
48 |
>>>>>> |
49 |
>>>>>> |
50 |
>>>>>> |
51 |
>>>>>> |
52 |
>>>>> I have tried to upgrade policycoreutils to this version but it fails to |
53 |
>>>>> compile with this error: |
54 |
>>>>> |
55 |
>>>>> cc -Wl,-O1 semodule.o -lsepol -lselinux -lsemanage -L/usr/lib -o |
56 |
>>>>> semodulesemodule.o: In function `main': |
57 |
>>>>> semodule.c:(.text+0x803): undefined reference to |
58 |
>>>>> `semanage_module_upgrade_file' |
59 |
>>>>> semodule.c:(.text+0x84a): undefined reference to |
60 |
>>>>> `semanage_module_install_file' |
61 |
>>>>> semodule.c:(.text+0x8ae): undefined reference to |
62 |
>>>>> `semanage_module_install_base_file' |
63 |
>>>>> collect2: ld a retourné 1 code d'état d'exécution |
64 |
>>>>> make[1]: *** [semodule] Erreur 1 |
65 |
>>>>> make[1]: quittant le répertoire « |
66 |
>>>>> /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69/semodule |
67 |
>>>>> » |
68 |
>>>>> make: *** [all] Erreur 1 |
69 |
>>>>> make: quittant le répertoire « |
70 |
>>>>> /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69 |
71 |
>>>>> » |
72 |
>>>>> |
73 |
>>>>> |
74 |
>>>>> I have looked in gentoo bugzilla and I didn't find anything which seems |
75 |
>>>>> similar to this error. |
76 |
>>>>> |
77 |
>>>>> François Valenduc |
78 |
>>>>> |
79 |
>>>>> |
80 |
>>>>> |
81 |
>>>>> |
82 |
>>>>> |
83 |
>>>> Have you checked there aren't corresponding updates to libselinux, |
84 |
>>>> libsepol and libsemanage? This error suggests one or more of those |
85 |
>>>> libraries are out of date. |
86 |
>>>> |
87 |
>>>> |
88 |
>>>> |
89 |
>>> Indeed, upgrading libsepol, libsemanage and libselinux allowed |
90 |
>>> policycoreutils 2.0.69 to be compiled without error. However, it's still |
91 |
>>> impossible to relabel the filesystem. Now I don't see plenty of lines |
92 |
>>> indicating "Operation not supported" when I use rlpkg. But the files |
93 |
>>> remains unlabeled. Is it really possible to use ext4 and selinux ? |
94 |
>>> |
95 |
>>> |
96 |
>>> |
97 |
>> There must be some way, as Fedora 11 ships with both. |
98 |
>> How recent is your kernel? ext4 is still in development. |
99 |
>> |
100 |
>> |
101 |
>> |
102 |
>>> Thanks for your help. |
103 |
>>> |
104 |
>>> |
105 |
>>> |
106 |
>>> |
107 |
>> |
108 |
>> |
109 |
>> |
110 |
> I am using the brand new 2.6.31 kernel and I have enabled the following |
111 |
> options: |
112 |
> CONFIG_EXT4_FS=m |
113 |
> CONFIG_EXT4_FS_XATTR=y |
114 |
> CONFIG_EXT4_FS_POSIX_ACL=y |
115 |
> CONFIG_EXT4_FS_SECURITY=y |
116 |
> The problem also occured with kernels 2.6.30.x. |
117 |
> |
118 |
> François Valenduc |
119 |
> |
120 |
> |
121 |
> |
122 |
After having looked in dmesg, I find lines like this one when an ext4 |
123 |
partition is mounted: |
124 |
SELinux: initialized (dev dm-4, type ext4), not configured for labeling |
125 |
So, my question is how to configure an ext4 partition for labelling ? |
126 |
|
127 |
François Valenduc |