Stephen Smalley wrote:
On Fri, 2005-12-02 at 17:50 -0500, Daniel J Walsh wrote:
Yesterday's policy package wiped out the policy.20 file, on yum update.
We are no longer shipping policy.20 in the rpm, and the package post
install creates it. Problem is the previous version was shipped with
it and wipes it out on its post uninstall. Need to change the trigger
on policy package to recreate policy.20.
selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site
ftp://people.redhat.com/dwalsh/SELinux/Fedora
You can also do a
semoudle -B /usr/share/selinux/targeted/base.pp to recreate the
policy.20 file.
Do not reboot until you fix this or else init will crash because you
have no policy.
So why is init "crashing" rather than logging a message about the
failure to load policy and halting cleanly? Bug in libselinux or in
sysvinit-selinux.patch? I moved aside my policy.20 file to prevent
loading by init, rebooted with enforcing=0 single, and then ran a
trivial program that called the libselinux selinux_init_load_policy()
function under valgrind, and it returned -1 as expected without any
memory errors being reported, so libselinux seems to handle it
correctly. Hence, I would have expected init to log the "Enforcing mode
requested but no policy loaded. Halting now." message (from
sysvinit-selinux.patch) and then exit normally.
I think the message is being printed but not being flushed
I am putting a fix in init to make sure message comes out.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
