Yesterday I've upgraded my SELinux policy & tools on my FC13 machine to bring it up to date with what is distributed with FC15 and later on did a similar upgrade to the kernel as well (.38 - the latest released for FC15), but SELinux is experiencing a few issues with the kernel. Here is what I've upgraded: old: policycoreutils-python-2.0.83-33.8 policycoreutils-2.0.83-33.8 selinux-policy-3.7.19-101 selinux-policy-targeted-3.7.19-101 libsemanage-2.0.45-1 libsemanage-devel-2.0.45-1 libsemanage-static-2.0.45-1 libsemanage-python-2.0.45-1 libselinux-python-2.0.94-2 libselinux-2.0.94-2 libselinux-devel-2.0.94-2 libselinux-utils-2.0.94-2 libsepol-2.0.41-3 libsepol-devel-2.0.41-3 libsepol-static-2.0.41-3 new: policycoreutils-python-2.0.86-7 policycoreutils-2.0.86-7 policycoreutils-gui-2.0.86-7 policycoreutils-newrole-2.0.86-7 policycoreutils-restorecond-2.0.86-7 selinux-policy-3.9.16-26 selinux-policy-targeted-3.9.16-26 libsemanage-2.0.46-4 libsemanage-devel-2.0.46-4 libsemanage-static-2.0.46-4 libsemanage-python-2.0.46-4 libselinux-python-2.0.99-4 libselinux-2.0.99-4 libselinux-devel-2.0.99-4 libselinux-utils-2.0.99-4 libsepol-2.0.42-2 libsepol-devel-2.0.42-2 libsepol-static-2.0.42-2 Most of the new SELinux policy & tools above have been compiled from source - successfully - using the source rpm and just running rpmbuild with no changes to the .spec file. Everything installed OK, though when I recompiled and upgraded the kernel, it does boot up and works OK, though I have this in my syslog from SELinux: kernel: dracut: Loading SELinux policy kernel: type=1404 audit(1308450301.855:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 kernel: SELinux: Permission audit_access in class file not defined in policy. kernel: SELinux: Permission audit_access in class dir not defined in policy. kernel: SELinux: Permission execmod in class dir not defined in policy. kernel: SELinux: Permission audit_access in class lnk_file not defined in policy. kernel: SELinux: Permission open in class lnk_file not defined in policy. kernel: SELinux: Permission execmod in class lnk_file not defined in policy. kernel: SELinux: Permission audit_access in class chr_file not defined in policy. kernel: SELinux: Permission audit_access in class blk_file not defined in policy. kernel: SELinux: Permission execmod in class blk_file not defined in policy. kernel: SELinux: Permission audit_access in class sock_file not defined in policy. kernel: SELinux: Permission execmod in class sock_file not defined in policy. kernel: SELinux: Permission audit_access in class fifo_file not defined in policy. kernel: SELinux: Permission execmod in class fifo_file not defined in policy. kernel: SELinux: Permission syslog in class capability2 not defined in policy. kernel: SELinux: the above unknown classes and permissions will be allowed kernel: type=1403 audit(1308450302.288:3): policy loaded auid=4294967295 ses=4294967295 What could be the reason for this? I remember getting similar messages when I attempted to upgrade the kernel a couple of months ago from .34 to .37 - I had similar "not defined in policy" messages then from what I remember, though they were just a couple and certainly not the amount I am getting above. Is there any way I could rectify this *without* doing a full upgrade to FC15? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
