On Sat, 2008-11-22 at 03:09 -0800, Rahul Jain wrote:
> Thank you all for your kind help.
>
> Finally I was able to boot my policy. As suggested, I removed
> dontaudit rules from my policy by doing "make enableaudit". Then I did
> some quick fixes and was finally able to boot the policy. However I am
> still facing some issues:
> Firstly - My syslog daemon takes too long to start, almost 10 min.
> Please note my test systems are high end multiprocessor express
> servers with 8 GB of RAM.
> Secondly: I am not able to come back to permissive mode, not even
> by logging in as sysadm_r role. My file system is read only and so I am not
> able to edit the /etc/selinux/config file. "setenforce" command
> temporarily puts the policy in permissive mode but still config file
> could not be edited. I even tried it in Linux single user mode,
> but the problem persists. Is it the property of the Tresys reference
> policy or my policy is still not behaving properly?
> I really appreciate your kind help
>
> Thanks
> Rahul
>

Cool, glad to hear you're up and running.
Like what Stephen had mentioned, you should check and make sure
the files are labeled correctly before doing a make enableaudit
(this way you don't strip down your policy).

With the syslog, either you have it installed incorrectly,
or there are still denials showing up causing syslog to partially work.
E.g. I usually do a "rm /var/log/syslog, touch /var/log/syslog,
reboot, audit2allow -i /var/log/syslog", to see any dbus avc's
(that is if dbus is running correctly). Most likely if you are
booting into permissive and syslog starts right up, as opposed
to enforcing, then there's a denial floating around that needs
to be allowed.

As for setting permissive mode, what is your initial context?
(e.g. id -Z once you've started up.)

regards,

--
Justin P. Mattock <justinmattock@xxxxxxxxx>
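
The log-review step described in the reply above, as an added example that is not part of the original message: a Python sketch that groups AVC denials found in a syslog excerpt by source type, target type and object class, and flags targets whose type points to a labeling problem rather than a missing allow rule. The log lines are constructed, and treating file_t and unlabeled_t as labeling hints is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's AVC message format (not from the thread).
SAMPLE_LOG = """\
Nov 22 03:01:10 host kernel: audit(1227351670.101:12): avc:  denied  { write } for  pid=812 comm="syslogd" name="log" dev=tmpfs ino=4101 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file
Nov 22 03:01:10 host kernel: audit(1227351670.105:13): avc:  denied  { append } for  pid=812 comm="syslogd" name="syslog" dev=sda1 ino=9902 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Nov 22 03:01:11 host kernel: audit(1227351671.220:14): avc:  denied  { getattr } for  pid=812 comm="syslogd" name="syslog" dev=sda1 ino=9902 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Nov 22 03:01:12 host sshd[900]: Server listening on 0.0.0.0 port 22.
"""

# Matches the denial, its permission set, and the two contexts plus object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
            denials[key].update(m["perms"].split())
    return dict(denials)

def mislabeled_targets(denials, suspect_types=("file_t", "unlabeled_t")):
    """Denials whose target type suggests relabeling first (assumed hint list)."""
    return sorted(k for k in denials if k[1] in suspect_types)

if __name__ == "__main__":
    found = summarize_denials(SAMPLE_LOG)
    for (src, tgt, cls), perms in sorted(found.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("relabel before adding rules:", mislabeled_targets(found))
```

Denials that land in the second list are the ones to resolve by fixing file labels before writing any new allow rules.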