Re: ext3 security labels missing

Dennis Wronka <linuxweb@xxxxxxx> · Fri, 20 Feb 2009 15:42:47 +0800

Might it be possible that you didn't enable support for security labels when 
compiling the kernel?
Check Filesystems -> Ext3 Security Labels

Also, when installing LFS with SELinux, did you compile GLibC twice?
I first compile it without SELinux, afterwards the SELinux-libraries, so that 
those can link against GLibC, and then again GLibC, with SELinux-support that 
time.
Don't know though if that would be any issue, having a GLibC that isn't aware 
of SELinux.
But I, for myself found that probably the safest way seems to add an extra 
compile of GLibC to the install after installing the SELinux-libs.

On Friday 20 February 2009 15:04:54 Justin Mattock wrote:
> I've a strange issue.
> with my experimental learning machine(LFS)
> I'm able to load the policy etc.. but have no labels
> on my files.(just a question mark);
>
>
> ls -lZ shows
>
> drwxr-xr-x   2 root root ?  4096 Feb 18 11:19 bin
> drwxr-xr-x   3 root root ?  4096 Feb 19 22:36 boot
> lrwxrwxrwx   1 root  999 ?    11 Feb  9 16:34 cdrom -> media/cdrom
> drwxr-xr-x  17 root root ?  4120 Feb 19 22:42 dev
> drwxr-xr-x  28 root root ?  4096 Feb 19 22:47 etc
> drwxr-xr-x   4 root root ?  4096 Feb 19 22:36 home
> drwxr-xr-x   4 root root ?  4096 Feb 18 11:19 include
> drwxr-xr-x  10 root root ?  4096 Feb 19 18:52 lib
> drwx------   2 root root ? 16384 Feb  9 16:34 lost+found
> drwxr-xr-x   3 root root ?  4096 Feb 19 22:42 media
> drwxr-xr-x   3 root root ?  4096 Feb 11 12:09 mnt
> drwxr-xr-x   2 root root ?  4096 Feb 10 09:54 opt
> dr-xr-xr-x 113 root root ?     0 Feb 19 22:42 proc
> drwxr-xr-x   5 root root ?  4096 Feb 18 11:24 root
> drwxr-xr-x   2 root root ?  4096 Feb 19 21:11 sbin
> drwxr-xr-x   7 root root ?     0 Feb 19 22:42 selinux
> drwxr-xr-x   8 root root ?  4096 Feb 18 11:19 share
> drwxr-xr-x   2 root root ?  4096 Feb 10 09:54 srv
> drwxr-xr-x  12 root root ?     0 Feb 19 22:42 sys
> drwxrwxrwt   5 root root ?  4096 Feb 19 22:50 tmp
> drwxr-xr-x   6 root root ?  4096 Feb 11 12:05 tools
> drwxr-xr-x  14 root root ?  4096 Feb 14 10:09 usr
> drwxr-xr-x  10 root root ?  4096 Feb 18 22:31 var
> lrwxrwxrwx   1 root root ?    24 Feb 10 13:11 vmlinuz ->
> /boot/vmlinuz-2.6.29-rc4
>
> if I do a id -Z I get:
> id: --context (-Z) works only on an SELinux-enabled kernel
> (but it is enabled in the kernel)
>
> >From looking back, I enabled as much as possible in any app/lib I was
> > compiling
>
> that provided selinux support.(libc,xserver,hal,dbus, etc..);
> But could be missing an important app/lib that might make the security
> labels give the proper label. by chance if anybody had experienced this
> and/or knows what might be going on,(would be really appreciated).
>
> regards;

Attachment:
signature.asc

Description: This is a digitally signed message part.