On Tuesday 17 May 2005 01:13, Peter Jones <pjones@xxxxxxxxxx> wrote: > > initrd. Sure an initrd can support ext2 with labels, but that's not > > being done at the moment and such a significant change is unlikely to be > > made to the installer in a hurry. > > Anaconda has been using initramfs for boot media since November. Are > you sure you mean initrd? That was my understanding of it, I thought that initrd=whatever for the boot loaded made it use initrd. Could you please give me a URL for the correct information. > Regardless of that, why isn't ld.so.cache's context getting set > correctly from the data in the glibc package? The cache file is created by ldconfig. So it's not an issue of the glibc package or RPM. We could patch ldconfig to specifically request the context we desire (using the same mechanism that rpm uses to determine the correct file type), but that seems like a waste as such code would only be needed for the install. file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t, file) In normal operation the ldconfig program runs in domain ldconfig_t. The above SE Linux policy specifies that when domain ldconfig_t creates a file in a directory of type etc_t the file type should be ld_so_cache_t. Currently during the install everything runs in kernel_t (including ldconfig) so the policy in question does not apply. The options to solve this are to hack the policy or to run restorecon at the end of the install. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
