Archives
Archives
| From: | Krzysztof Nowicki <krissn@××.pl> |
|---|---|
| To: | gentoo-hardened@l.g.o |
| Subject: | [gentoo-hardened] Using sys-kernel/dracut with SELinux |
| Date: | Wed, 06 Mar 2013 11:15:44 |
| Message-Id: | 9502074-de54a24b06212bea07351783e1a7bb57@pmq2.m5r2.onet |
| 1 | Hi, |
| 2 | |
| 3 | I'm trying to migrate a machine to SELinux. I was able to run all the steps related to the kernel, packages and filesystem. The system boots fine in permissive mode but I'm getting a lot of AVC denials related to /run. The obvious suspect would the lack of proper labelling so I checked the fstab and verified that the /run filesystem is present with the correct rootcontext option. To my surprise however the /run filesystem is still mounted without the rootcontext option. |
| 4 | |
| 5 | I've spent some time tracking this down and eventually found out that the issue is related to the Dracut initramfs. The init script mounts /run from there. Obviously the the mount options are hard-coded and rootcontext is not among them. |
| 6 | |
| 7 | So I tried to edit the Dracut's init script (/usr/lib64/dracut/modules.d/99base/init.sh) to append the rootcontext option to the mount /run line, but surprisingly it was completely ignored. |
| 8 | |
| 9 | Did anybody hit a similar problem? |
| 10 | |
| 11 | Regards |
| 12 | Chris |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] Using sys-kernel/dracut with SELinux | Hinnerk van Bruinehsen <h.v.bruinehsen@×××××××××.de> |
| Re: [gentoo-hardened] Using sys-kernel/dracut with SELinux | Sven Vermeulen <swift@g.o> |