1 |
Andrew John Hughes a écrit : |
2 |
> 2009/9/10 François Valenduc <francois.valenduc@××××××××××.be>: |
3 |
> |
4 |
>> Andrew John Hughes a écrit : |
5 |
>> |
6 |
>>> 2009/9/5 François Valenduc <francois.valenduc@××××××××××.be>: |
7 |
>>> |
8 |
>>> |
9 |
>>>> Magnus Granberg a écrit : |
10 |
>>>> |
11 |
>>>> |
12 |
>>>>> On Saturday 05 September 2009 12.17.00 François Valenduc wrote: |
13 |
>>>>> |
14 |
>>>>> |
15 |
>>>>> |
16 |
>>>>>> Hello everybody, |
17 |
>>>>>> |
18 |
>>>>>> I have recently swicth my SElinux install from ext3 to ext4 and after |
19 |
>>>>>> having changed the rlpkq script to also relabel ext4 filesystems, I get |
20 |
>>>>>> the following errors: |
21 |
>>>>>> /usr/sbin/setfiles set context |
22 |
>>>>>> /usr/sbin/setfilecon->system_u:object_r:bin_t failed:'Operation not |
23 |
>>>>>> supported' |
24 |
>>>>>> However, I have enabled Ext4 Security labels in the kernel configuration. |
25 |
>>>>>> |
26 |
>>>>>> Does anybody know a solution to this problem ? |
27 |
>>>>>> Thanks in advance for your help. |
28 |
>>>>>> |
29 |
>>>>>> François Valenduc |
30 |
>>>>>> |
31 |
>>>>>> |
32 |
>>>>>> |
33 |
>>>>> You need to update to policycoreutils-2.0.69 to get ext4 support. |
34 |
>>>>> See bug #275369 http://bugs.gentoo.org/show_bug.cgi?id=275369 |
35 |
>>>>> ------ |
36 |
>>>>> Hardened-Development Overlay |
37 |
>>>>> Magnus Granberg (Zorry) <zorry@×××.nu> |
38 |
>>>>> |
39 |
>>>>> |
40 |
>>>>> |
41 |
>>>>> |
42 |
>>>>> |
43 |
>>>> I have tried to upgrade policycoreutils to this version but it fails to |
44 |
>>>> compile with this error: |
45 |
>>>> |
46 |
>>>> cc -Wl,-O1 semodule.o -lsepol -lselinux -lsemanage -L/usr/lib -o |
47 |
>>>> semodulesemodule.o: In function `main': |
48 |
>>>> semodule.c:(.text+0x803): undefined reference to |
49 |
>>>> `semanage_module_upgrade_file' |
50 |
>>>> semodule.c:(.text+0x84a): undefined reference to |
51 |
>>>> `semanage_module_install_file' |
52 |
>>>> semodule.c:(.text+0x8ae): undefined reference to |
53 |
>>>> `semanage_module_install_base_file' |
54 |
>>>> collect2: ld a retourné 1 code d'état d'exécution |
55 |
>>>> make[1]: *** [semodule] Erreur 1 |
56 |
>>>> make[1]: quittant le répertoire « |
57 |
>>>> /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69/semodule |
58 |
>>>> » |
59 |
>>>> make: *** [all] Erreur 1 |
60 |
>>>> make: quittant le répertoire « |
61 |
>>>> /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69 |
62 |
>>>> » |
63 |
>>>> |
64 |
>>>> |
65 |
>>>> I have looked in gentoo bugzilla and I didn't find anything which seems |
66 |
>>>> similar to this error. |
67 |
>>>> |
68 |
>>>> François Valenduc |
69 |
>>>> |
70 |
>>>> |
71 |
>>>> |
72 |
>>>> |
73 |
>>> Have you checked there aren't corresponding updates to libselinux, |
74 |
>>> libsepol and libsemanage? This error suggests one or more of those |
75 |
>>> libraries are out of date. |
76 |
>>> |
77 |
>>> |
78 |
>> Indeed, upgrading libsepol, libsemanage and libselinux allowed |
79 |
>> policycoreutils 2.0.69 to be compiled without error. However, it's still |
80 |
>> impossible to relabel the filesystem. Now I don't see plenty of lines |
81 |
>> indicating "Operation not supported" when I use rlpkg. But the files |
82 |
>> remains unlabeled. Is it really possible to use ext4 and selinux ? |
83 |
>> |
84 |
>> |
85 |
> |
86 |
> There must be some way, as Fedora 11 ships with both. |
87 |
> How recent is your kernel? ext4 is still in development. |
88 |
> |
89 |
> |
90 |
>> Thanks for your help. |
91 |
>> |
92 |
>> |
93 |
>> |
94 |
> |
95 |
> |
96 |
> |
97 |
> |
98 |
I am using the brand new 2.6.31 kernel and I have enabled the following |
99 |
options: |
100 |
CONFIG_EXT4_FS=m |
101 |
CONFIG_EXT4_FS_XATTR=y |
102 |
CONFIG_EXT4_FS_POSIX_ACL=y |
103 |
CONFIG_EXT4_FS_SECURITY=y |
104 |
The problem also occured with kernels 2.6.30.x. |
105 |
|
106 |
François Valenduc |