On Wednesday 18 May 2005 03:45, Peter Jones <pjones@xxxxxxxxxx> wrote: > On Tue, 2005-05-17 at 14:05 +1000, Russell Coker wrote: > > On Tuesday 17 May 2005 05:35, Jeremy Katz <katzj@xxxxxxxxxx> wrote: > > > We never used label'ing of things in the initrd when it was an ext2 > > > image. The loader explicitly sets the exec context before running > > > anaconda to be system_u:object_r:anaconda_t if policy doesn't fail to > > > load. Look in /tmp/anaconda.log (or tty3) for errors about loading the > > > policy or setting the context. > > > > That's an invalid context. The correct value should be > > system_u:system_r:anaconda_t. The role object_r is only suitable for > > files on disk. The kernel does allow setting it though. > > Fixed in cvs. I've discovered the root cause of the problem. anaconda.te seems to have been removed from the targeted policy so there is no anaconda_t domain in the policy used for installation. Ideally we want anaconda.te included in the policy for installation but excluded from the policy used for running the system. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
