On Fri, 2010-02-19 at 10:29 -0500, Alan Rouse wrote: > > ls -lR /etc/selinux/$SELINUXTYPE > > strace load_policy > > ======================================================================= > . /etc/selinux/config > ls -lR /etc/selinux/$SELINUXTYPE > ======================================================================= > /etc/selinux/refpolicy-standard: > total 28 > -rw-r--r--. 1 root root 2029 Oct 19 17:09 booleans What does this file contain? It shouldn't exist at all with modular/managed policy; it was the legacy way of providing distribution-shipped custom boolean definitions with monolithic policy. Delete it or put SETLOCALDEFS=0 in your /etc/selinux/config to ignore it. > /etc/selinux/refpolicy-standard/modules/active: > total 3936 > -rw-r--r--. 1 root root 20377 Feb 18 16:36 base.pp > -rw-------. 1 root root 32 Feb 18 16:36 commit_num > -rw-------. 1 root root 139886 Feb 18 16:36 file_contexts > -rw-r--r--. 1 root root 2663 Feb 18 16:36 file_contexts.homedirs > -rw-------. 1 root root 142369 Feb 18 16:36 file_contexts.template > -rw-------. 1 root root 2483 Feb 18 16:36 homedir_template > drwx------. 2 root root 12288 Feb 18 16:36 modules > -rw-------. 1 root root 0 Feb 18 16:36 netfilter_contexts > -rw-r--r--. 1 root root 3687284 Feb 18 16:36 policy.kern > -rw-------. 1 root root 47 Feb 18 16:36 seusers.final > -rw-------. 1 root root 143 Feb 18 16:36 users_extra Instead you should have a booleans.local file in this subdirectory if you have run setsebool -P on any boolean. Try running setsebool -P init_upstart=1 again for me and check whether a booleans.local file was created under modules/active, please? If not, strace the setsebool command for me. That might be large, so make it an attachment. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
