| 1 |
Now I changed to targeted policy, and it seems more easy to tame than |
| 2 |
strict policy. Becuase I use LVM to manage my disk and the |
| 3 |
filesystem's root is on an LVM partition, I need to use initramfs to |
| 4 |
make the kernel to recognize my root partiton. Without SELinux |
| 5 |
enforcing, everything works; but with it, system hangs with the |
| 6 |
following message: |
| 7 |
|
| 8 |
* Filesystem couldn't be fixed :( |
| 9 |
Give root password for maintenance |
| 10 |
... |
| 11 |
|
| 12 |
After giving the root password, I got a shell. Executing df command, I |
| 13 |
found my root is mounted on two devices: |
| 14 |
|
| 15 |
Filesystem ... Mounted on |
| 16 |
rootfs / |
| 17 |
/dev/vg0/slash / |
| 18 |
|
| 19 |
I use busybox in my initramfs. The initramfs of my system can be |
| 20 |
downloaded from http://lcs.ios.ac.cn/~scwang/docs/initramfs.tar.gz |
| 21 |
|
| 22 |
Any help on initramfs with SELinux support? |
| 23 |
|
| 24 |
BTW, it seems that SELinux support of Gentoo is dying! |
| 25 |
|
| 26 |
On Tue, Feb 03, 2009 at 09:23:45AM -0500, Chris PeBenito wrote: |
| 27 |
> On Mon, 2009-02-02 at 14:40 +0800, Shaochun Wang wrote: |
| 28 |
> > I tried to work with strict policy on enforcing mode. And almost all |
| 29 |
> > services can't function as expected. Any help? |
| 30 |
> |
| 31 |
> You'll have to be more specific. But one thing to note is that it |
| 32 |
> hasn't been updated for baselayout-2 (which should be masked on the |
| 33 |
> selinux profiles). |
| 34 |
> |
| 35 |
> -- |
| 36 |
> Chris PeBenito |
| 37 |
> <pebenito@g.o> |
| 38 |
> Developer, |
| 39 |
> Hardened Gentoo Linux |
| 40 |
> |
| 41 |
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 42 |
> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
-- |
| 47 |
Shaochun Wang <scwang@××××××.cn> |
| 48 |
|
| 49 |
Jabber: fungusw@××××××.org |
Archives