On Sun, Feb 15, 2009 at 10:08 PM, Justin Mattock <justinmattock@xxxxxxxxx> wrote: > On Sun, Feb 15, 2009 at 6:39 PM, Russell Coker <russell@xxxxxxxxxxxx> wrote: >> On Sun, 15 Feb 2009, Justin Mattock <justinmattock@xxxxxxxxx> wrote: >>> I'm in the process of creating a linux from scratch system. >>> when looking at: >>> ldd /sbin/init >>> I dont see any info on >>> libselinux or libsepol. >> [...] >>> Is there a clean patch for sysvinit_2.86.ds1.orig.tar.gz >>> (I just grabbed any sysvinit from either deb/or ubuntu); >>> or even better, a sysvinit(version) that has a built-in command like >>> xserver does(--enable-selinux); >>> appreciate the time. >> >> # ldd /sbin/init |grep selin >> libselinux.so.1 => /lib/libselinux.so.1 (0xb7f3f000) >> > > this is what I always check for in any installation I do. > this time I get nothing. > > >> The above is from a stock Debian/Lenny system. The patch (.diff.gz file) for >> that will have the SE Linux code you need. >> > > yeah it looks like there is no code with the package that I have > to make the policy load. > (need to patch the package); > >> Incidentally the Debian patch in question is version 61. I suspect that some >> of those 61 releases have other code that you might desire. So I suggest >> that even disregarding the fact that the SE Linux code you require is in the >> diff, it's something you would want anyway. >> > > I'm not sure(brain is fried from unpackaging/compilling packages all-day); > >> Also let's keep the issues of the X server and init entirely separate. The >> part of your message which referenced X confused me. When you do tackle the >> X issue (after you have solved your init problem) please make sure to include >> the relevant part of the "ps axZ" output. > > I will as soon as I get things configured. > As for the X server I just was using that as an example for a config > option that it has for selinux for sysv > >> >>> but results in an unable to sync error when there is no >>> policy present >> >> That sounds like you have SELINUX=enforcing in /etc/selinux/config. Try >> SELINUX=permissive until you have things working reasonably well. >> > > I think that's what happened.. > I'll try it again,and see if this was the mistake. > >> -- >> russell@xxxxxxxxxxxx >> http://etbe.coker.com.au/ My Main Blog >> http://doc.coker.com.au/ My Documents Blog >> > > Thanks for the info. > I have a look at my init to make sure things > are in order. Then Ill post ps auxZ for you. > > regards; > > -- > Justin P. Mattock > Alright; to make things less confusing, here's some urls that I found to load the policy with sysvinit: http://repos.archlinux.org/viewvc.cgi/community/system/selinux-sysvinit/sysvinit-init.c.diff?view=log&root=community&pathrev=CURRENT http://www.mail-archive.com/pkg-sysvinit-devel@xxxxxxxxxxxxxxxxxxxxxxx/msg00663.html The issue I have is using dpkg/or apt-get already has the right patch applied and init already compiled in, in accordance to the distro. doing a (LFS) tutorial, under the documentation has me building everything from the source. (a lot of work, but worth the learning experience); I just need to find a right suitable patch for sysvinit to load the policy during boot so I can get refpolicy compiled in accordance to to the system. under /etc/* (LFS) looks similar to redhat i.g. /etc/rc.d/init.d/(lfs-bootscripts); but not sure if this matters or not. In any case, I suppose I can just copy /sbin/init from an existing debian system but, then I might have issues with the arch being different. -- Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
