RE: SELinux Policy in OpenSUSE 11.2

On Wed, 2010-02-17 at 15:49 -0500, Alan Rouse wrote:
> Today, up until now, I've been working with the binary policy package
> in the native OpenSuse 11.2 repository (without installing source).
> But I've just now installed the corresponding source package and built
> it as monolithic=n.  As before, "setsebool -P init_upstart=1" gives an
> error message:
> ----------------
> Libsemanage.get_home_dirs: nobody homedir /var/lib/nobody or its
> parent directory conflicts with a file context already specified in
> the policy.  This usually indicates an incorrectly defined system
> account.  If it is a system account please make sure its uid is less
> than 1000 or its log in shell is /sbin/nologin.
> ----------------
> 
> So I did "usermod -s /sbin/nologin nobody" and repeated the setsebool.
> No error message returned, and "getsebool init_upstart" reports that
> it was on.  But after reboot it is off again...  And, yes, I did issue
> "setsebool -P init_upstart=1" before reboot, and confirmed with
> "getsebool init_upstart" that it worked.

The fact that the setsebool -P isn't persisting across reboot suggests
that you are not in fact loading the policy that you think you are.

ls -l /etc/selinux/$SELINUXTYPE/policy
cat /selinux/policyvers
checkpolicy -V

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
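
The three checks in the reply above, combined into one script. This is an added example, not part of the original message. It assumes the loader uses the highest-numbered policy.N file whose version does not exceed the value the kernel reports; the function names and the --report switch are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the policy loader uses the highest-numbered policy.N file
# whose version N does not exceed what the running kernel reports.

# pick_policy DIR KERNEL_MAX
# Prints the policy.N path expected to be loaded; returns 1 if none fits.
pick_policy() {
    dir=$1; max=$2; best=""
    for f in "$dir"/policy.*; do
        [ -f "$f" ] || continue
        v=${f##*.}
        # Skip anything whose suffix is not a plain version number.
        case $v in ''|*[!0-9]*) continue ;; esac
        [ "$v" -le "$max" ] || continue
        if [ -z "$best" ] || [ "$v" -gt "${best##*.}" ]; then
            best=$f
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# report [ROOT] [POLICYVERS]
# ROOT is an optional prefix (empty on a live system); POLICYVERS is the
# kernel's policy version file, /selinux/policyvers as in the message.
report() {
    root=${1:-}
    pv=${2:-/selinux/policyvers}
    cfg=$root/etc/selinux/config
    ptype=$(sed -n 's/^SELINUXTYPE=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$cfg" | tail -n 1)
    [ -n "$ptype" ] || { echo "no SELINUXTYPE in $cfg" >&2; return 2; }
    kmax=$(cat "$pv") || return 2
    dir=$root/etc/selinux/$ptype/policy
    if chosen=$(pick_policy "$dir" "$kmax"); then
        echo "kernel accepts up to version $kmax; expected file: $chosen"
        ls -l "$chosen"
    else
        echo "no policy.N in $dir with N <= $kmax" >&2
        return 1
    fi
}

# Run the report only when asked, e.g.: sh check-policy.sh --report
if [ "${1:-}" = "--report" ]; then
    report
fi
```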
