On Wed, 2009-05-20 at 22:57 +0800, Dennis Wronka wrote: > Okay, here we go: > > I unmounted /selinux and then got this: > load_policy: Can't load policy: Invalid argument > > I attached my kernel-config and the two traces (trace1 for the "Device or > resource busy"-error, trace2 for the "Invalid argument"-error). Ahem. Your kernel config has these SELinux options: CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set # CONFIG_SECURITY_SELINUX_DEVELOP is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set Note that your kernel config does not support: 1) The selinux= kernel boot parameter (CONFIG_SECURITY_SELINUX_BOOTPARAM), 2) The ability to disable SELinux from /sbin/init based on SELINUX=disabled in /etc/selinux/config (CONFIG_SECURITY_SELINUX_DISABLE), 3) Permissive mode (CONFIG_SECURITY_SELINUX_DEVELOP) Is that what you intended? IOW, you cannot boot permissive, and the load policy logic is failing when it tries to switch to permissive mode (write to /selinux/enforce). -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
