On Fri, 2009-09-18 at 07:34 -0400, Daniel J Walsh wrote: > On 09/17/2009 09:39 PM, Yuan Yijun wrote: > > 2009/9/18 Steve Grubb <sgrubb@xxxxxxxxxx>: > >> hi, > >> > >> What's happened in our rawhide boot sequence that cause selinux to not be > >> running anymore? Selinux is not disabled in the grub.conf kernel line and > >> sestatus shows its disabled. There is nothing in the system logs saying that > >> there was a problem. > >> > > > > I encountered this problem as well, but don't know why. It happens > > when I am trying different kernels among some recent builds (starting > > from 0.104 to 1.14). I guess there is a incompatible between older > > kernels and the policy; when you install a kernel while SELinux is > > disabled, it may cause future problems. Do you expect SELinux to be > > enabled automatically? I usually enable SELinux by doing a relabel, > > then install the kernel again. > > > > > > > Hopefully this is just a problem of coordination between the old way of doing things and the new new. > Dracut found a bug where it could not load_policy on separate /usr partitions because it needed to execute > /usr/sbin/load_policy (obviously). I moved load_policy from /usr/sbin to /sbin. This caused some other apps > problems because they were hard coded to look for /usr/sbin. Recently I fixed this by adding a symbolic link > and fixing the libraries that blew up. Why can't dracut just directly invoke the libselinux interface (selinux_init_load_policy)? Then you don't have to care where the load_policy program lives. -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
