From: forrest whitcher <fw@fwsystems.com>
To: Stephen Smalley <sds@tislabs.com>
Cc: <SELinux@tycho.nsa.gov>
Subject: Re: switching between SE Linux utils - kernel versions ? ... also ntp
Date: Wed, 23 Jan 2002 10:05:07 -0500
Message-ID: <20020123100507.5af64cc5.fw@fwsystems.com>
In-Reply-To: <Pine.GSO.4.33.0201230857580.12859-100000@raven>

On Wed, 23 Jan 2002 09:24:39 -0500 (EST)
Stephen Smalley <sds@tislabs.com> wrote:

> 
> On Tue, 22 Jan 2002, forrest whitcher wrote:
> 
> > A note on NTP: ntpd / ntpdate on my selinux installation has (surprisingly) not
> > raised any AVC: messages in develop/permissive mode. Does this suggest that
> > setting system time is not LSM / SEL hooked?
> 
> No, it just means that ntpd is still running in the initrc_t domain.  You
> need to define a domain for it if you want to run it safely.
> 

That's not it. Ntpd was started from the command line - sysadm_r:sysadm_t role/domain

Syslog messages indicate that ntpd is choosing kernel/pll (I have systems on which
ntpd uses tickadj()). Is the pll a kernel function that's not hooked?

 hermes ntpd[3099]: using kernel phase-lock loop 0041

> > I'll be updating to 2.4.17 shortly, wondered what is the safe matrix for
> > mixing versions?
> >
> > If I need to still sometimes boot the .12 kernel will it be able to deal
> > with PSID's left by .17? and are the .17 version utils likely to cause
> > problems on .12 kernel?
> 
> The on-disk persistent label mapping format hasn't changed, so that isn't
> an issue.  However, the on-disk policydb format has changed, so the 2.4.12
> kernel won't be able to use the same policy, and some of the new system
> calls have undergone changes, so the newer utilities will not work on the
> 2.4.12 kernel.  So you can't easily swap back and forth.  Also, when you
> perform the build and install of the .17 release, remove
> /usr/local/selinux/bin from your path to avoid trying to use the modified
> utilities during the install.

Thanks, that's useful to know.

forrest

> 
> --
> Stephen D. Smalley, NAI Labs
> ssmalley@nai.com
> 
> 
> 
