The context labels now appear to be correct except for those created by 'depmod', 'mkinitrd' and the fiddling with /boot/grub/grub.conf. (Files installed from kernel-sourcecode package are all correctly labeled!) Except for grub.conf, the types appear correct but the user is 'root' instead of 'system_u'. grub.conf is labeled 'root:object_r:boot_t' instead of 'system_u:object_r:boot_runtime_t'.
(Are 'restorecon' commands needed in the postinstall scriptlet? elsewhere?)
tom
[BTW, the system boots fine even without fixing the labels mentioned above.]
Tom London wrote:
Hmmm.... worked for me. I'm running 427 on two machines. One with the 'old policy' stuff, the other with all the latest packages from the development tree (including 'new selinux-policy' stuff).
A suggestion from Stephen Smalley may help you. I haven't tried to install a new kernel since doing this. Also, I noticed an updated rpm package in the development tree.....
tom ------------------------------------------------------------------------
* /From/: Stephen Smalley <sds epoch ncsc mil> * /Date/: Thu, 10 Jun 2004 15:30:09 -0400
------------------------------------------------------------------------
On Tue, 2004-06-08 at 23:25, Tom London wrote:
[On my system, yum/rpm seem not to be correctly labeling installed files, so I manually check and change via 'fixfiles' or 'setfiles' as appropriate.
This is because rpm hasn't been updated for the new policy layout, so it
cannot find the file_contexts configuration. Until it is updated, I
have just created a symlink, i.e.
ln -sf /etc/selinux/strict/contexts/files/file_contexts /etc/security/selinux/file_contexts
