On Tue, 2010-02-16 at 23:16 -0800, Justin P. mattock wrote: > o.k. I think I thought too much on the subject > (I need to stop building systems from scratch > i.g. all I can think of is/are switches to enable). > > Anyways I figured out the problem seems easier > than I had expected: > > with a fresh build of suse 11.2, then > under yast adding the correct SELinux > apps/libs, then adjusting grub(in the control > center thing). > > reboot > > you hit a broken gdm dbus thing. > > under /var/log/gdm/:5-greeter.log > > there is an error message with dbus: > > Failed to start message bus: Failed to open > "/etc/selinux/targeted/contexts/dbus_contexts": No such file or directory > EOF in dbus-launch reading address from dbus daemon. > > so after reading that then looking at /etc/selinux/refpolicy-standard > I decided to just cp -R refpolicy-standard targeted(reboot) > and voila the system boots gdm starts, life is good with suse > (I guess there not the darkside after all!!). > > as for the real problem I'm guessing whatever is telling > dbus-launch to look for /etc/selinux/targeted > is the problem. > > Alan does just a simple renaming of refpolicy to targeted > at least get you up and running(if not use suses policy, > and rename it to targeted, until I can find what dbus launch script is > calling for that policy name). Interesting. On Fedora, /etc/dbus-1/system.conf and session.conf contain this directive to include the selinux configuration for dbus: <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include> This avoids any hardcoded dependency on the location of the configuration file. The dbus code uses the selinux_policy_root() function provided by libselinux to find the root of the policy directory. It should be using the SELINUXTYPE= definition in /etc/selinux/config to select the active policy root. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
