Now I changed to targeted policy, and it seems easier to tame than
strict policy. Because I use LVM to manage my disk and the
filesystem's root is on an LVM partition, I need to use initramfs to
make the kernel recognize my root partition. Without SELinux
enforcing, everything works; but with it, the system hangs with the
following message:

* Filesystem couldn't be fixed :(
Give root password for maintenance
...

After giving the root password, I got a shell. Executing the df command, I
found my root is mounted on two devices:

Filesystem ... Mounted on
rootfs /
/dev/vg0/slash /

I use busybox in my initramfs. The initramfs of my system can be
downloaded from http://lcs.ios.ac.cn/~scwang/docs/initramfs.tar.gz

Any help on initramfs with SELinux support?

BTW, it seems that SELinux support of Gentoo is dying!

On Tue, Feb 03, 2009 at 09:23:45AM -0500, Chris PeBenito wrote:
> On Mon, 2009-02-02 at 14:40 +0800, Shaochun Wang wrote:
> > I tried to work with strict policy on enforcing mode. And almost all
> > services can't function as expected. Any help?
>
> You'll have to be more specific. But one thing to note is that it
> hasn't been updated for baselayout-2 (which should be masked on the
> selinux profiles).
>
> --
> Chris PeBenito
> <pebenito@g.o>
> Developer,
> Hardened Gentoo Linux
>
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

--
Shaochun Wang <scwang@××××××.cn>

Jabber: fungusw@××××××.org