On 02/17/2013 01:43 AM, Brian Iván Martínez wrote:
Thanks for the help, I found the fedora package for policycoreutils and copied the unit file to make the daemon run in every boot, you said it wasn't necessary but it would be nice to have working everything I can and even if I have the time and energy after this getting the gui tools too. Anyway, I've downloaded the selinux notebook and the first thing I notice is the change in the directories so I'm running thinking selinux was in /selinux and no it isn't, should I erase the entry in the fstab or should I change it to point to /sys/fs/selinux?. Another thing is, I installed an old policy wich is sysvinit compatible but now I can't boot in enforcing because it complains about not finding /dev/shm to boot (in permissive is fine), in the IRC one guy helped me (I'm really sorry, I forgot the username) and said it could be a policy issue so I should install a new one either from Fedora's lates packages or from Tresys and then try to create one based on those. My question is, could that be the issue or should I search somewhere else?
You don't need it in fstab because systemd calls libselinux selinux_init_load_policy() which will automatically try to mount selinuxfs on /sys/fs/selinux first, and then fall back to /selinux if that directory does not exist (which would be the case on older kernels).
Updating to a recent policy certainly wouldn't hurt. But for policy issues, you should:
a) post your actual denials, b) take your questions to the refpolicy list, http://oss.tresys.com/mailman/listinfo/refpolicy -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
