First let me say that I appreciate all the help on this list very much!!!!! Justin wrote: > While running the one that they provide I noticed the system is running as > system_u:system_r:system_t (or whatever it is) I'm sure you can use this, but for me I > like to either run in staff_r, sysadm_r or user_r(roles). Makes sense... I think you're saying this is not the underlying problem for the gdm / desktop / boot issues, right? If so I'd like to get to a clean selinux boot before addressing this type of thing. > I couldn't find the source from suse(although I'm sure its there), so I just grabbed a > copy from tresys...while building the source from tresys I sometimes will hit a syntex > error(this time I did) with checkpolicy and/or checkmodule I'm now able to build policy from the source obtained from the OpenSuse 11.2 repository. Do I need a different version of checkpolicy or checkmodule? Or can I skip this? > then after being able to build and install the policy then I focused in on the > booleans, I set(although am not sure if they fixed the errors with avahi)where these: > > allow_polyinstantiation=on I don't need polyinstantiation right now so I'll skip that unless you think it's pertinent to my main problem. > init_upstart=on(although I think they use sysvinit(notsure)) Yes, OpenSuse 11.2 seems to be using sysvinit > xdm_sysadm_login=on(this is for sysadm_r role(if I wanted the main context as name:sysadm_r:sysadm_t)) > xserver_object_manager=on (although I dont see the SELinux extension in Xorg.0.log) I've been unable to make persistent changes to policy, booleans etc. Hopefully Stephen will spot the problem causing that, based on the info I sent out a few minutes ago. > keep in mind I don't think these booleans fixed the errors I think after I had > relabeled then the errors were fixed(but could be wrong). I could boot cleanly to a desktop before relabeling (with everything as file_t). Once I relabeled with fixfiles, runlevel 5 would fail and I'd be dropped back to a console at runlevel 3. > then once I was able to get a clean boot(even with the "targeted" dbus > issue) If I can get to that point I think I'll be in business. Thanks Alan -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
