On Thu, 2004-05-27 at 14:45, Stephen Smalley wrote:
> On Thu, 2004-05-27 at 04:39, Matthew East wrote:
> > I cannot build and install a kernel with selinux enabled. Here is what
> > happens towards the end of the modules_install stage:
> >
> > if [ -r System.map ]; then /sbin/depmod -ae -F System.map -b
> > /var/tmp/kernel-2.6.6-root -r 2.6.6; fi
> > WARNING: Couldn't open directory
> > /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6: Permission denied
> > FATAL: Could not open
> > /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6/modules.dep.temp for
> > writing: Permission denied
> > make[1]: *** [_modinst_post] Error 1
> > error: Bad exit status from /var/tmp/rpm-tmp.11877 (%install)
>
> Add 'tmp_domain(depmod)' to
> /etc/security/selinux/src/policy/domains/program/modutils.te and do a
> 'make load' in /etc/security/selinux/src/policy. yum install
> policy-sources if you don't already have it.

Ok will try this.

> > p.s. Just for the record, or in case they are useful, here are the error
> > messages I get when booting my new kernel which was compiled with
> > selinux set to permissive.
> >
> > Freeing unused kernel memory: 160k freed
> > security: 5 users, 7 roles, 1244 types, 1 bools
> > security: 30 classes, 303377 rules
> > SELinux: Completing initialization.
> > SELinux: Setting up existing superblocks.
> > SELinux: initialized (dev , type selinuxfs), uses genfs_contexts
> > SELinux: initialized (dev hda2, type ext3), uses xattr
> > audit(1085619351.268:0): avc: denied { ioctl } for pid=164
> > exe=/bin/bash path=/dev/null dev=hda2 ino=283937
> > scontext=system_u:system_r:kernel_t
> > tcontext=system_u:object_r:unlabeled_t tclass=chr_file
> > audit(1085619351.271:0): avc: denied { getattr } for pid=176
> > exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185
> > scontext=system_u:system_r:kernel_t
> > tcontext=system_u:object_r:unlabeled_t tclass=dir
>
> Very odd; these certainly shouldn't be unlabeled_t. What does a
> getfilecon /etc/hotplug (or any of these files that are showing up with
> unlabeled_t) show?

I'm afraid I've removed the custom kernel so I can't tell you. I assumed
that the reason was that I'd compiled and installed the kernel with
selinux as permissive. In any case, under my current setup with the
fedora default kernel:

[matt@localhost matt]$ getfilecon /etc/hotplug
/etc/hotplug system_u:object_r:hotplug_etc_t

To be honest my system is a bit strange at the moment, and I've put
selinux back in permissive mode, as I keep finding strange things that I
can't do with it in enforcing mode with no error messages (e.g.
Openoffice.org doesn't open and I can't do a "glxgears" - weird huh?!)
So it's probably that I've done something wrong. The installation of
fedora was of test 2 and I've been updating it until Core 2. So maybe a
clean install would be a good idea.

Thanks very much for all your help.
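
Added example, not part of the original thread and not code from any SELinux tool: a small parser for AVC denial lines in the format quoted above. It lists every path whose target context carries the unlabeled_t type, so each one can be checked with getfilecon. The function names are hypothetical, the sample log is the two denials from the message with the mail line wraps rejoined, and handling of an optional fourth (level) field in the context is a generalization beyond the three-field contexts shown here.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, with the mail line wraps rejoined.
SAMPLE_LOG = """\
audit(1085619351.268:0): avc: denied { ioctl } for pid=164 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.271:0): avc: denied { getattr } for pid=176 exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
"""

# Matches "avc: denied { perm ... } for key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None for other lines."""
    match = AVC_RE.search(line)
    if match is None:
        return None
    # Assumes unquoted key=value fields without embedded spaces, as in the log above.
    record = dict(kv.split("=", 1) for kv in match.group("fields").split() if "=" in kv)
    record["perms"] = match.group("perms").split()
    record["stype"] = context_type(record.get("scontext", ""))
    record["ttype"] = context_type(record.get("tcontext", ""))
    return record


def unlabeled_targets(log_text):
    """Map each path denied with an unlabeled_t target to the permissions requested."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_avc(line)
        if record and record["ttype"] == "unlabeled_t":
            key = record.get("path", "ino=" + record.get("ino", "?"))
            hits[key].update(record["perms"])
    return {path: sorted(perms) for path, perms in hits.items()}


if __name__ == "__main__":
    for path, perms in unlabeled_targets(SAMPLE_LOG).items():
        print(f"{path}: denied {' '.join(perms)}; check with: getfilecon {path}")
```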