Gentoo Archives: gentoo-hardened

From: "François Valenduc" <francois.valenduc@××××××××××.be>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] EXT4 and selinux
Date: Thu, 10 Sep 2009 20:22:38
Message-Id: 4AA9600A.9050606@tvcablenet.be
In Reply to: Re: [gentoo-hardened] EXT4 and selinux by Andrew John Hughes
Andrew John Hughes wrote:
> 2009/9/10 François Valenduc <francois.valenduc@××××××××××.be>:
>
>> Andrew John Hughes wrote:
>>
>>> 2009/9/5 François Valenduc <francois.valenduc@××××××××××.be>:
>>>
>>>> Magnus Granberg wrote:
>>>>
>>>>> On Saturday 05 September 2009 12.17.00 François Valenduc wrote:
>>>>>
>>>>>> Hello everybody,
>>>>>>
>>>>>> I have recently switched my SELinux install from ext3 to ext4 and after
>>>>>> having changed the rlpkg script to also relabel ext4 filesystems, I get
>>>>>> the following errors:
>>>>>> /usr/sbin/setfiles set context /usr/sbin/setfilecon->system_u:object_r:bin_t failed:'Operation not supported'
>>>>>> However, I have enabled Ext4 Security labels in the kernel configuration.
>>>>>>
>>>>>> Does anybody know a solution to this problem?
>>>>>> Thanks in advance for your help.
>>>>>>
>>>>>> François Valenduc
>>>>>>
>>>>> You need to update to policycoreutils-2.0.69 to get ext4 support.
>>>>> See bug #275369 http://bugs.gentoo.org/show_bug.cgi?id=275369
>>>>> ------
>>>>> Hardened-Development Overlay
>>>>> Magnus Granberg (Zorry) <zorry@×××.nu>
>>>>>
>>>> I have tried to upgrade policycoreutils to this version but it fails to
>>>> compile with this error:
>>>>
>>>> cc -Wl,-O1 semodule.o -lsepol -lselinux -lsemanage -L/usr/lib -o semodule
>>>> semodule.o: In function `main':
>>>> semodule.c:(.text+0x803): undefined reference to `semanage_module_upgrade_file'
>>>> semodule.c:(.text+0x84a): undefined reference to `semanage_module_install_file'
>>>> semodule.c:(.text+0x8ae): undefined reference to `semanage_module_install_base_file'
>>>> collect2: ld a retourné 1 code d'état d'exécution
>>>> make[1]: *** [semodule] Erreur 1
>>>> make[1]: quittant le répertoire « /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69/semodule »
>>>> make: *** [all] Erreur 1
>>>> make: quittant le répertoire « /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69 »
>>>>
>>>> I have looked in gentoo bugzilla and I didn't find anything which seems
>>>> similar to this error.
>>>>
>>>> François Valenduc
>>>>
>>> Have you checked there aren't corresponding updates to libselinux,
>>> libsepol and libsemanage? This error suggests one or more of those
>>> libraries are out of date.
>>>
>> Indeed, upgrading libsepol, libsemanage and libselinux allowed
>> policycoreutils 2.0.69 to be compiled without error. However, it's still
>> impossible to relabel the filesystem. Now I don't see plenty of lines
>> indicating "Operation not supported" when I use rlpkg. But the files
>> remain unlabeled. Is it really possible to use ext4 and selinux?
>>
>
> There must be some way, as Fedora 11 ships with both.
> How recent is your kernel? ext4 is still in development.
>
>> Thanks for your help.
>>
>
I am using the brand new 2.6.31 kernel and I have enabled the following
options:
CONFIG_EXT4_FS=m
CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
The problem also occurred with kernels 2.6.30.x.

François Valenduc
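
Added example, not part of the original message and not code from Gentoo or policycoreutils: one thing to rule out when setfiles reports 'Operation not supported' is that the filesystem holding the path was built without security xattr support. The script below finds that filesystem in a /proc/mounts-style file and checks a kernel config for the ext4 options listed in the message, plus their ext3 counterparts; the function names and the sample mounts and config are constructed for illustration.

```shell
# Added example: inputs are files in /proc/mounts and kernel .config format.

# fs_for_path MOUNTS PATH: print "fstype mountpoint" of the mount holding PATH.
# Longest mount point wins; on a tie the later line wins (mounted on top).
fs_for_path() {
    awk -v p="$2" '{
        mp = $2
        pre = (mp == "/") ? "/" : mp "/"
        if (index(p "/", pre) == 1 && length(mp) >= best) {
            best = length(mp); fs = $3; m = mp
        }
    } END { if (best) print fs, m }' "$1"
}

# missing_label_opts CONFIG FSTYPE: print each ext3/ext4 option needed for
# security xattrs that is not enabled; print nothing when all are set.
missing_label_opts() {
    fs=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    for opt in "CONFIG_${fs}_FS" "CONFIG_${fs}_FS_XATTR" "CONFIG_${fs}_FS_SECURITY"; do
        grep -Eq "^${opt}=(y|m)\$" "$1" || echo "$opt"
    done
}

# diagnose MOUNTS CONFIG PATH: returns 0 = options present, 1 = missing,
# 2 = PATH is not on ext3/ext4.
diagnose() {
    info=$(fs_for_path "$1" "$3")
    fstype=${info%% *}
    case "$fstype" in
        ext3|ext4) ;;
        *) echo "$3: filesystem '$fstype' is outside this check"; return 2 ;;
    esac
    missing=$(missing_label_opts "$2" "$fstype" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "$3: $fstype kernel support for labels incomplete, missing: ${missing% }"
        return 1
    fi
    echo "$3: $fstype xattr and security label options are enabled"
}

# Constructed sample data, not taken from the machine in the thread.
d=$(mktemp -d)
printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/sda3 / ext4 rw 0 0' \
    '/dev/sda1 /boot ext3 rw 0 0' > "$d/mounts"
printf '%s\n' 'CONFIG_EXT4_FS=m' 'CONFIG_EXT4_FS_XATTR=y' \
    '# CONFIG_EXT4_FS_SECURITY is not set' 'CONFIG_EXT3_FS=y' \
    'CONFIG_EXT3_FS_XATTR=y' 'CONFIG_EXT3_FS_SECURITY=y' > "$d/config"
diagnose "$d/mounts" "$d/config" /usr/sbin/setfilecon || true
diagnose "$d/mounts" "$d/config" /boot/grub || true
rm -rf "$d"
```

On a live system, pass /proc/mounts and an uncompressed copy of the running kernel's config as the first two arguments.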
