On Tue, 2010-02-16 at 14:19 -0500, Alan Rouse wrote: > "sestatus -v" reports the following: > > SELinux status: enabled > SELinuxfs mount: /selinux > Current mode: permissive > Mode from config file: permissive > Policy version: 24 > Policy from config file: refpolicy > > Process contexts: > Current context: system_u:system_r:sysadm_t > Init context: system_u:system_r:init_t > /sbin/mingetty system_u:system_r:sysadm_t Ok, so init is in the right security context, but getty is not. refpolicy has a rule that says if init runs a shell, transition to sysadm_t - that is for single-user mode. But that gets disabled if using upstart since upstart runs everything via a shell. Try: setsebool -P init_upstart=1 reboot pstree -Z output might also be interesting. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
