On Wed, 10 Mar 2004 22:24, "Stephen C. Tweedie" <sct@xxxxxxxxxx> wrote:
> > If you accidentally boot a non-SE kernel then /etc/mtab and a few other
> > files
> > will get the wrong label, which will be really annoying for you.
>
> Yep, I noticed that one too. Hard to miss it when the box won't boot.
/etc/mtab is a special case in that it's quite trivial and also very annoying.
I will change the policy to allow mount_t to read and unlink file_t:file.
Then it should be able to do it's stuff.
Please put the following in your policy and see if it solves things for you
next time you boot a non-SE kernel (sorry I don't have a machine I feel like
booting a non-SE kernel on at the moment).
allow mount_t file_t:file { getattr read unlink };
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
