On Tuesday 17 May 2005 05:35, Jeremy Katz <katzj@xxxxxxxxxx> wrote:
> On Mon, 2005-05-16 at 01:06 +1000, Russell Coker wrote:
> > The domain anaconda_t seems to be unused (we should probably just delete
> > anaconda.te). The installation process runs all initial programs from an
> > initrd (gzip compressed cpio file). cpio has no support for SE Linux
> > labels so no domain transitions occur and everything runs in kernel_t.
> > Everything that's not in an initrd is in a cramfs file system (which also
> > has no support for SE Linux labelling). This means that created files
> > get the type of the directory - etc_t in the case of /etc/ld.so.cache.
>
> We never used labeling of things in the initrd when it was an ext2
> image. The loader explicitly sets the exec context before running
> anaconda to be system_u:object_r:anaconda_t if policy doesn't fail to
> load. Look in /tmp/anaconda.log (or tty3) for errors about loading the
> policy or setting the context.

That's an invalid context. The correct value should be
system_u:system_r:anaconda_t. The role object_r is only suitable for files
on disk. The kernel does allow setting it though.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
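
The rule stated in the reply above, as an added example that is not part of the original message and is not anaconda or loader code: a small lint that parses an SELinux context and flags one that uses the file role object_r where a process (exec) context is expected. The function names are hypothetical, the optional fourth (level) field goes beyond the three-field contexts in the thread, and the only check encoded is the one the reply states.

```python
# Added example: lint a context string before it is used as an exec context.
# parse_context / lint_exec_context are hypothetical names, not a real API.
from typing import List, NamedTuple, Optional


class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: Optional[str]  # optional MLS/MCS range; may itself contain ':'


def parse_context(raw: str) -> Context:
    # Format is user:role:type[:level]. Split at most three times so a level
    # such as "s0-s0:c0.c1023" is kept in one piece.
    parts = raw.strip().split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"malformed context: {raw!r}")
    level = parts[3] if len(parts) == 4 else None
    return Context(parts[0], parts[1], parts[2], level)


def lint_exec_context(raw: str) -> List[str]:
    """Return the problems with using `raw` as a process (exec) context."""
    try:
        ctx = parse_context(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if ctx.role == "object_r":
        # The kernel may accept this, so it has to be caught before use.
        problems.append(
            f"{raw}: role object_r is only suitable for files on disk; "
            f"expected a process role, e.g. {ctx.user}:system_r:{ctx.type}"
        )
    return problems


if __name__ == "__main__":
    # The two contexts quoted in the thread.
    for candidate in ("system_u:object_r:anaconda_t",
                      "system_u:system_r:anaconda_t"):
        issues = lint_exec_context(candidate)
        print(candidate, "->", issues if issues else "ok")
```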