| 1 |
Hi, |
| 2 |
|
| 3 |
I have installed a small server with Gentoo hardened and SELinux for |
| 4 |
several months now. |
| 5 |
Everything worked just fine until I merged the latest stable SELinux |
| 6 |
packages(policycoreutils, libselinux, libsepol, ...). |
| 7 |
|
| 8 |
I encountered some linking problems which disappeared when I reemerged |
| 9 |
the packages. |
| 10 |
|
| 11 |
After reloading the policy I noticed that the output of sestatus was |
| 12 |
different. My basic output looked like this: |
| 13 |
|
| 14 |
SELinux status: enabled |
| 15 |
SELinuxfs mount: /selinux |
| 16 |
Current mode: enforcing |
| 17 |
Mode from config file: error (No such file or directory) |
| 18 |
Policy version: 20 |
| 19 |
Policy from config file: targeted |
| 20 |
|
| 21 |
OK, "targeted" sounds like FC, didn't spend too much time with that but |
| 22 |
when trying to emerge a package-update I've encountered problems with |
| 23 |
setting the correct file-context. It reported that |
| 24 |
/etc/selinux/targeted/.../file_contexts couldn't be found. |
| 25 |
|
| 26 |
I decided to install the whole SELinux-support and packages at zero. |
| 27 |
Booted kernel wihtout SE-support, changed make.profile, reemerged all |
| 28 |
packages with selinux dependencies, uninstalled every SELinux package. |
| 29 |
Then changed make.profile to selinux, booted kernel with SE-support, |
| 30 |
emerged SELinux-packages, loaded policy, reemerged all packages with |
| 31 |
selinux-flag, reemerged all required seliux-policy-files, reloaded |
| 32 |
policy and relabeled the whole harddisk. |
| 33 |
|
| 34 |
sestatus output looks now like this: |
| 35 |
|
| 36 |
SELinux status: enabled |
| 37 |
SELinuxfs mount: /selinux |
| 38 |
Current mode: enforcing |
| 39 |
Mode from config file: error (No such file or directory) |
| 40 |
Policy version: 20 |
| 41 |
Policy from config file: security |
| 42 |
|
| 43 |
All applications seem to work just fine in enforcing mode but I've still |
| 44 |
a bad feeling reading an error-message. |
| 45 |
|
| 46 |
Are there any known problems with the latest versions of the |
| 47 |
SELinux-packages? |
| 48 |
What does the "Mode from config file" message mean? (I think the output |
| 49 |
comes from a function in libselinux while checking some files in /etc?!) |
| 50 |
|
| 51 |
Every kind of help is welcome. |
| 52 |
|
| 53 |
|
| 54 |
Regards, |
| 55 |
|
| 56 |
|
| 57 |
Markus |
| 58 |
-- |
| 59 |
gentoo-hardened@g.o mailing list |
Archives