Re: 2.6.24-rc8-mm1 and SELinux MLS - not playing nice....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 18 Jan 2008, Valdis.Kletnieks@xxxxxx wrote:

> Posting to both lists because I'm not sure who's at fault here....
> 
> System is a Dell Latitude D820, x86_64 kernel, userspace is basically
> Fedora Rawhide as of earlier today, in particular selinux-policy-mls-3.2.5-12.fc9
> 
> Trying to boot a 2.6.24-rc8-mm1 kernel gets me these msgs:
> 
> security:  5 users, 8 roles, 2043 types, 102 bools, 16 sens, 1024 cats
> security:  67 classes, 164754 rules
> security:  class peer not defined in policy
> security:  permission recvfrom in class node not defined in policy
> security:  permission sendto in class node not defined in policy
> security:  permission ingress in class netif not defined in policy
> security:  permission egress in class netif not defined in policy
> security:  permission forward_in in class packet not found in policy, bad policy
> security:  the definition of a class is incorrect

This looks the same as what akpm hit.  Paul Moore has updated his labeled 
networking patches (see Subject: [RFC PATCH v12 00/18] Labeled networking 
changes for 2.6.25), and you could try dropping those into the broken out 
-mm in place of the existing git patch, or just wait for a new -mm.

> 
> 2.6.24-rc6-mm1 said this instead:
> 
> security:  class peer not defined in policy
> security:  permission recvfrom in class node not defined in policy
> security:  permission sendto in class node not defined in policy
> security:  permission ingress in class netif not defined in policy
> security:  permission egress in class netif not defined in policy
> SELinux: policy loaded with handle_unknown=deny
> 
> and then proceeded to work OK.
> 
> (I suspect this may be the same thing Andrew Morton hit, but I can't be sure).
> 
> Anybody got hints on how to move forward?  Or is a fixed policy already in the
> Rawhide pipe?
> 
> 

-- 
James Morris
<jmorris@xxxxxxxxx>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux