SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: selinux-policy-mls is now available for your testing pleasure. This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ Maybe in reply to ] [ Next in thread ] From: Paul Moore <paul.moore_at_hp.com> Date: Wed, 20 Apr 2005 08:54:55 -0400 James Morris wrote: > On Tue, 19 Apr 2005, Paul Moore wrote: > > >> 5 Enabled the MLS policy via the Fedora GUI tool and ensured that the >> relabel option was selected >> 6 Rebooted with the new MLS policy only to have the machine lock, >> it wasn't able to execute something related to init (I should have >> taken better notes here - sorry) > > > You still need to perform the manual mointpoint relabeling per the MLS > readme. > Yup, figured that one out the hard way ... ;) ... just figured I would mention it here since Dan's original post didn't make any reference to having to do any manual relabel operations. >>10 Rebooted with 'single' and noticed lots of permission denied >> messages pertaining to '/dev/.udevdb/' files > > Odd, I haven't seen that.* Taking a bit of a closer look, the files with a permission denied error seem to be missing a SELinux context as well as any permission flags as well as an owner and group (ls -Z fills the fields in with a '?'). I'll try fixing them manually (or maybe just deleting them since it looks like udev recreates them on boot anyway) and see what happens. > Did you update to all of the new SELinux packages in Dan's FTP directory? Not originally no, but looking at them this morning all the versions I have installed are the same versions as Dan's or newer. I also noticed that Dan setup that directory as a YUM repository so I added it to my list and did a yum update - no new/updated packages. >>12 Rebooted normally, i.e. 'rhgb quiet 5', and X failed to start > > > Haven't tried X yet, not sure it's supposed to work. > > > - James -- . paul moore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . paul.moore@hp.com hewlett packard . (603) 884-5056 linux security -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Wed 20 Apr 2005 - 08:59:53 EDT This message: [ Message body ] Next message: James Carter: "CVS Policy on Sourceforge Updated" Previous message: Stephen Smalley: "Re: attributes on the other end of a network connection" Maybe in reply to: Daniel J Walsh: "selinux-policy-mls is now available for your testing pleasure." Next in thread: jrdesai18-tech_at_yahoo.com: "Re: selinux-policy-mls is now available for your testing pleasure." Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom