From: Dale Amon <amon@vnl.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Dale Amon <amon@vnl.com>, Russell Coker <russell@coker.com.au>,
SE Linux <selinux@tycho.nsa.gov>
Subject: Re: default policy package
Date: Mon, 3 Nov 2003 17:37:10 +0000
Message-ID: <20031103173710.GF29928@vnl.com>
In-Reply-To: <1067876122.21113.70.camel@moss-spartans.epoch.ncsc.mil>

On Mon, Nov 03, 2003 at 11:15:23AM -0500, Stephen Smalley wrote:
> On Mon, 2003-11-03 at 10:27, Dale Amon wrote:
> > Here's one that might interest Steve: load_policy can
> > totally lock up a small memory machine if the binary
> > policy is large.
>
> What was the memory size and the policy size? load_policy follows

16MB RAM on a 486DX. I've got a couple of them I use
for firewalls and testing. Poor little fellers were
about to get chucked in the skip.

I haven't got the policy size. I'll have to reset the
test system back to 'virgin' to get back to it. But
it's easy enough to reproduce. Just take Russ's selinux-default-policy
package and answer Y to everything (I installed it and other
packages via a script the first time).

Disk makes noises for a while, machine works away...
and then a 'top' screen I'm watching on vt2
freezes and then you can't do anything but hit the
power switch.

I 'cured' the problem by paring down the policy
to minimum size, and that loads just fine.

Note, if it is of interest, this is all being
done manually. kernel is booted with selinux=1,
but not with an initrd; I then

    mount -t selinuxfs none /selinux
    cd /etc/selinux; make install
    make load

What I'm actually working on is trying to get
an initial root file labeling working with a
reiserfs... yeah, I finally got a round tuit.

--
------------------------------------------------------
IN MY NAME: Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
------------------------------------------------------