On Fri, 2005-12-02 at 17:50 -0500, Daniel J Walsh wrote: > Yesterday's policy package wiped out the policy.20 file, on yum update. > We are no longer shipping policy.20 in the rpm, and the package post > install creates it. Problem is the previous version was shipped with > it and wipes it out on its post uninstall. Need to change the trigger > on policy package to recreate policy.20. > > selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site > ftp://people.redhat.com/dwalsh/SELinux/Fedora > > You can also do a > semoudle -B /usr/share/selinux/targeted/base.pp to recreate the > policy.20 file. > > Do not reboot until you fix this or else init will crash because you > have no policy. So why is init "crashing" rather than logging a message about the failure to load policy and halting cleanly? Bug in libselinux or in sysvinit-selinux.patch? I moved aside my policy.20 file to prevent loading by init, rebooted with enforcing=0 single, and then ran a trivial program that called the libselinux selinux_init_load_policy() function under valgrind, and it returned -1 as expected without any memory errors being reported, so libselinux seems to handle it correctly. Hence, I would have expected init to log the "Enforcing mode requested but no policy loaded. Halting now." message (from sysvinit-selinux.patch) and then exit normally. -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
