On Mon, 2006-08-07 at 11:15 -0400, D. Hugh Redelmeier wrote: > Thanks, Paul and Stepen, for your help. > > | From: Stephen Smalley <sds@xxxxxxxxxxxxx> > > | Unfortunately, aside from patching your FC3 kernel and rebuilding it, I > | think your only option is to disable SELinux for FC3 altogether, i.e. > | boot it with selinux=0 or set SELINUX=disabled in /etc/selinux/config. > > Am I correct in my guess that after doing this, the next time FC5 is > booted, I will have to relabel /home? What is the right way of doing > this? (Of course I could disable SELinux in FC5 too.) Yes, if you keep them sharing /home. > Is "fixfiles relabel /home" the best choice? /sbin/restorecon -R /home should work. > In my first message, I mentioned that I got the following messages on > the console: > > inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2 > inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2 > > ==> What does the error message mean? > inode 2 is the root of the filesystem. > It appears that kernel routine inode_doinit_with_dentry is calling context_to_sid > and context_to_sid is returning EINVAL (because the context was invalid). > But even knowing that, I don't know what it actually means or is caused by. Your description is correct; while running FC5, the directory was labeled with the MLS/MCS field (:s0), and the FC3 kernel doesn't understand it. At the time when FC3 was released, the MLS support in SELinux was a compile-time option only and not enabled. By FC5, it had become mainstreamed and turned into a runtime enable based on the policy loaded at boot time. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
