Re: load_policy() with upstart on mint 9 fluxbox

On 10/20/2010 07:44 PM, Serge E. Hallyn wrote:
> Quoting Justin P. Mattock (justinmattock@xxxxxxxxx):
>> o.k. finally connected the dots that I needed to create an initrd.img
>> in order for this to load (I'm a total newbie!!)
>>
>> Anyways the policy loads, everything went in and am now in full
>> enforcement mode.. only real issue is with lxde
>> same bug here:
>> https://bugzilla.redhat.com/show_bug.cgi?id=552885
>>
>> seems lxde is in /usr/sbin reason probably for the wrong filelabel..
>
> Cool, so does following the steps outlined in that bug make it
> work for you?


What I normally have is /boot/System.map-* and vmlinuz-* to load the kernel.. Seems sysvinit knows how to take things there and load_policy()

for upstart whatever it's doing (like what you said) needs to go through
initrd. Yesterday I thought that's what I had done with:
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers

but missed one last step:
mkinitramfs -k -o initrd.img-2.6.36-rc8-custom-00022-g2b666ca
then after doing this everything loaded as is..

Note: guess this is what's being called to do all of this:
/usr/share/initramfs-tools/scripts/init-bottom/_load_selinux_policy

As for the file labels in /var/run, seems most of the files in there are labeled with initrc_t (keep in mind I chose Debian as the distro in build.conf, so maybe this is why)..

As for lxde, before using chcon I was getting a login context of name:staff_r:netutils_t:s0 then after relabeling those files:

(chcon to this context like the bug report had shown)
system_u:object_r:xdm_exec_t:s0 /usr/sbin/lxdm
system_u:object_r:xdm_exec_t:s0 /usr/sbin/lxdm-binary
system_u:object_r:xdm_var_run_t:s0 lxdm.pid

I log in with the proper context that I chose:
name:staff_r:staff_t:s0

Right now I think everything is running o.k. on this operating system..
(nice, small, and functional.. with a touch of SELinux on top...)

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
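
Added example, not part of the original message: a shell check that compares observed file labels with the three types listed in the message, useful because labels set with chcon are reset by a later filesystem relabel. The function names, the "<context> <path>" input format and the BEFORE sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify SELinux file labels against the types named in the message.
# Input lines are "<context> <path>", e.g. from: stat -c '%C %n' /usr/sbin/lxdm ...

# Expected "<path> <type>" pairs, taken from the message (lxdm.pid is given there without a directory).
EXPECTED='/usr/sbin/lxdm xdm_exec_t
/usr/sbin/lxdm-binary xdm_exec_t
lxdm.pid xdm_var_run_t'

# Type is the third field of user:role:type[:level]; an MLS level may hold more colons.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read observed labels on stdin, print each problem, return 0 only if all types match.
check_labels() {
    observed=$(cat)
    bad=0
    while read -r path want; do
        ctx=$(printf '%s\n' "$observed" | awk -v p="$path" '$2 == p { print $1; exit }')
        if [ -z "$ctx" ]; then
            echo "MISSING  $path (want $want)"
            bad=$((bad + 1))
            continue
        fi
        have=$(context_type "$ctx")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path: have $have, want $want"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$bad" -eq 0 ]
}

# Constructed sample: one wrong type (bin_t chosen for the demo) and no pid file.
BEFORE='system_u:object_r:bin_t:s0 /usr/sbin/lxdm
system_u:object_r:xdm_exec_t:s0 /usr/sbin/lxdm-binary'

# The three labels as listed in the message.
AFTER='system_u:object_r:xdm_exec_t:s0 /usr/sbin/lxdm
system_u:object_r:xdm_exec_t:s0 /usr/sbin/lxdm-binary
system_u:object_r:xdm_var_run_t:s0 lxdm.pid'

printf '%s\n' "$BEFORE" | check_labels || echo "before: labels differ"
printf '%s\n' "$AFTER" | check_labels && echo "after: labels match"
```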

