Re: AW: Re: ext3 Filessyten in FC5-Test incompatible with other FC or RHEL versions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-12-22 at 09:49 -0500, Stephen Smalley wrote:
> In FC5, the security contexts have been extended with an additional
> field for the Multi-Category Security (MCS) and Multi-Level Security
> (MLS) support, see
> http://www.livejournal.com/users/james_morris/5583.html
> and
> http://www.livejournal.com/users/james_morris/5020.html
> 
> Older SELinux kernels with MLS support disabled (i.e. RHEL4/CentOS4,
> FC3, older FC4 kernels) will reject the extended security contexts as
> being invalid, which yields the error you are seeing.  Some
> compatibility patches were upstreamed to help with this problem, and I
> think that they went into the latest FC4 kernel update, but I'm not sure
> about RHEL4 yet.

BTW, the MLS compatibility patch can't just be applied to the
RHEL4/CentOS4 kernel as is (the patch would have no real effect by
itself), because it depends on a prior patch that mainstreamed the MLS
code (turning it from a compile-time option that was disabled in RHEL4
to a load-time option).  The MLS code isn't even built into the RHEL4
kernel currently. So the patch would have to be reworked for it.

-- 
Stephen Smalley
National Security Agency

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]