Thankyou all for your kind help.
Finally I was able to boot my policy. As suggested, I removed dontaudit rules from my policy by doing "make enableaudit". Then I did some quick fixes and was finally able to boot the policy. However I am still facing some issues:
Firstly - My syslog daemon takes too long to start almost 10 min. Please note my test systems are high end multiprocessor express servers with 8 GB of RAM.
Secondly: I am not able to come back to permissive mode, not even by login as sysadm_r role. My file system is read only and so I am not able to edit the /etc/selinux/config file. "setenforce" command temperoraly puts the policy in permissive mode but still config file could not be edited. I even tried it in linux single user mode, but the problem persists. Is it the property of the tresys reference policy or my policy is still not behaving properly?
I reallly appreciate your kind help
Thanks
Rahul |
