From: Dominick Grift <dac.override@gmail.com>
To: selinux@tycho.nsa.gov
Subject: Re: does load_policy default to loading the lowest polvers available?
Date: Thu, 26 Nov 2015 17:51:46 +0100 [thread overview]
Message-ID: <20151126165145.GA26909@x250> (raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I *think* i have this issue figured out now. It seems that it was
mcstransd. Now that I have disabled it, the issue seems to be gone (only
tested a couple of boots but i am hopefull)
When I did a firmware upgrade, requiring phyiscal access I noticed that
/bin/login requested mac_admin, and that it wanted to set the context of
tty1 with the translated security level (SystemLow), but that somehow
this didn't work and so it was unable the relabel the tty.
Obviously that is not directly related to the systemd issue since by
then systemd would already have failed. It did however prompted me to
think about the possibility of mcstransd's presence being related (since
only that system has mcstransd enabled, and this issue is only on this
system)
So i decided to just have a look and see what happens, and things
started working. Booted a couple of times without mcstransd enabled and
all if well so far.
So mcstransd causes problems, and i have disabled it
- --
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQGcBAEBCgAGBQJWVzicAAoJENAR6kfG5xmc72QL/iR20UjuQfzDNSzLt21J2ypQ
SSJDf/3VB9qDnBJ/r+O3UBp3uCDl/UUHpi7hNziw6A875LE/3vB8Ohjg/YmQnVVP
lQo/LpFFAx78WeyUxjja956TimXwlDyEKaCwwh0zgTXt6rIEa3eKqtNN+qOt5mib
L/TmSdbVJmqn/ZyB57noENLMJcBplR2C8cJRiWmPvr8FVb3tEW+VXHZuQSjHWOWR
PT5JwLpRhjSLfBUvMdWD+pRpuUvqzZ1s2l82sP3vl66iq33jAUI/R6P13kC6yOnH
E1PJeyKd0IhH42UpmKGSelYL0dcyPEDWTA7a/yBBgeDyPhJfdHvYbB7bz5aS0qvw
BSohVOvF4fJ2gfIfckX30NY1JuN4LHTSGDGrMOT/UdXvS6J/JM38zeWh3UIkWgdN
VM5SDbj0/UV01LaPMDgPo0qZl2nEDtzXfjj33bDZsn5J+t/V4SZ/OQ5k3Ca5m0nN
9g6ysP7sy0K66fB3kbzRksxiyo6e6zbDbEwvyDVgrw==
=N1O+
-----END PGP SIGNATURE-----
next reply other threads:[~2015-11-26 16:52 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-26 16:51 Dominick Grift [this message]
-- strict thread matches above, loose matches on Subject: below --
2015-10-14 13:34 does load_policy default to loading the lowest polvers available? Dominick Grift
2015-10-14 13:56 ` Stephen Smalley
2015-10-14 14:11 ` Dominick Grift
2015-10-14 14:17 ` Stephen Smalley
2015-10-14 14:29 ` Dominick Grift
2015-10-14 15:44 ` Stephen Smalley
2015-10-14 15:48 ` Dominick Grift
2015-10-14 16:05 ` Stephen Smalley
2015-10-14 16:26 ` Dominick Grift
2015-10-14 16:41 ` Dominick Grift
2015-10-14 16:53 ` Stephen Smalley
2015-10-14 17:34 ` Dominick Grift
2015-10-14 17:38 ` Dominick Grift
2015-10-14 17:40 ` Stephen Smalley
2015-10-14 17:51 ` Dominick Grift
2015-10-14 18:07 ` Dominick Grift
2015-10-14 20:30 ` Christopher J. PeBenito
2015-10-14 20:34 ` Dominick Grift
2015-10-15 11:58 ` Richard Haines
2015-10-15 12:08 ` Dominick Grift
2015-10-14 18:52 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151126165145.GA26909@x250 \
--to=dac.override@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.