On 12/2/05, Tom London <selinux@xxxxxxxxx> wrote: > On 12/2/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > Gene C. wrote: > > > On Friday 02 December 2005 14:20, Nicolas Mailhot wrote: > > > > > >> Le vendredi 02 décembre 2005 à 14:17 -0500, Stephen Smalley a écrit : > > >> > > >>> It isn't the number of nodes in /dev; it is the number of entries in > > >>> file_contexts. And the slowdown should be improved/eliminated with > > >>> recent changes in libselinux (1.27.28); let us know if it isn't. There > > >>> are two changes in libselinux, one of which will have immediate benefit > > >>> without requiring any changes to udev, and the other of which requires a > > >>> small change to udev to take advantage of. > > >>> > > >> BTW today's rawhide segfaults on boot if run in enforcing mode > > >> > > >> checkpolicy-1.27.19-1 > > >> selinux-policy-targeted-2.0.7-2 > > >> audit-1.1.1-1 > > >> audit-libs-1.1.1-1 > > >> audit-libs-1.1.1-1 > > >> libselinux-1.27.28-1 > > >> libselinux-1.27.28-1 > > >> libsepol-1.9.41-1 > > >> libsepol-1.9.41-1 > > >> libsemanage-1.3.61-1 > > >> > > >> Adding selinux=false to the boot arguments rescues the system > > >> > > > > > > I also see a kernel panic after today's updates if selinux=enforcing > > > > > > Reboot selinux=false single > > > and change to selinux=permissive gets things working again. > > > > > Yesterday's policy package wiped out the policy.20 file, on yum update. > > We are no longer shipping policy.20 in the rpm, and the package post > > install creates it. Problem is the previous version was shipped with > > it and wipes it out on its post uninstall. Need to change the trigger > > on policy package to recreate policy.20. > > > > selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site > > ftp://people.redhat.com/dwalsh/SELinux/Fedora > > > > You can also do a > > semoudle -B /usr/share/selinux/targeted/base.pp to recreate the > > policy.20 file. > > > > Do not reboot until you fix this or else init will crash because you > > have no policy. > > > > -- > No joy? > > [root@tlondon Downloads]# rpm -Uvh selinux-policy-targeted-2.0.8-1.noarch.rpm > Preparing... ########################################### [100%] > 1:selinux-policy-targeted########################################### [100%] > libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy > libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no > longer in policy > libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy > libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy > libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy > libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no > longer in policy > /usr/sbin/load_policy: Can't load policy: Invalid argument > libsemanage.semanage_reload_policy: load_policy returned error code 2. > libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy > libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no > longer in policy > libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy > libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy > libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy > libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no > longer in policy > /usr/sbin/load_policy: Can't load policy: Invalid argument > libsemanage.semanage_reload_policy: load_policy returned error code 2. > Failed! > libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy > libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no > longer in policy > libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy > libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy > libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy > libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no > longer in policy > /usr/sbin/load_policy: Can't load policy: Invalid argument > libsemanage.semanage_reload_policy: load_policy returned error code 2. > libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy > libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no > longer in policy > libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy > libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy > libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy > libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no > longer in policy > /usr/sbin/load_policy: Can't load policy: Invalid argument > libsemanage.semanage_reload_policy: load_policy returned error code 2. > Failed! > Hmmm. Despite the above, rebooting 'works'. Relabeling now succeeds in 'catching' some unlabeled_t that did not get properly labeled before (e.g., /sbin/pam_console_apply). tom -- Tom London -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
