Errors with runcon - RHEL4/refpolicy

From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k8PE9EFC013451 for ; Mon, 25 Sep 2006 10:09:14 -0400 Received: from aplesnation.dom1.jhuapl.edu (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id k8PE8B2d007567 for ; Mon, 25 Sep 2006 14:08:12 GMT MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6E0AC.2DB82B8B" Subject: Errors with runcon - RHEL4/refpolicy Date: Mon, 25 Sep 2006 10:09:13 -0400 Message-ID: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> From: "Osborn, Justin D." To: Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. ------_=_NextPart_001_01C6E0AC.2DB82B8B Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi everybody, I'm working on a project to do containment of VMware VMs using = SELinux policy. Our system is set up on RHEL4 and I have the Reference = Policy installed. =20 We're trying to reuse the VMware policy that was originally = distributed with the Reference Policy. Specifically there is a = per-user-domain template that we modified for our use and instantiate = from another te file. The policy compiles and our VMs are properly = labeled after relabeling. The problem is that when I try to kick off a VM using runcon, I get = the non-descript "unable to setup security context" error. The command = I'm running is: runcon root:system_r:ziplock_vm1_vmware_t vmware-cmd = start /VMs/foo.vmx. My bash shell is running as = root:system_r:unconfined_t. I added my types to system_r and verified = with apol. So my questions are: a) Why was the VMware policy renoved from the Reference Policy? b) What am I missing with the runcon error? Is there somewhere I = can look for a more descriptive error message? Thanks, Justin JHU/APL ------_=_NextPart_001_01C6E0AC.2DB82B8B Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Errors with runcon - RHEL4/refpolicy

Hi everybody,
      I'm working on a project to do = containment of VMware VMs using SELinux policy. Our system is set = up on RHEL4 and I have the Reference Policy installed.

      We're trying to reuse the VMware policy = that was originally distributed with the Reference Policy. = Specifically there is a per-user-domain template that we modified for = our use and instantiate from another te file. The policy compiles = and our VMs are properly labeled after relabeling.

     The problem is that when I try to kick off a VM = using runcon, I get the non-descript "unable to setup security = context" error. The command I'm running is: runcon = root:system_r:ziplock_vm1_vmware_t vmware-cmd start /VMs/foo.vmx. = My bash shell is running as root:system_r:unconfined_t. I added my = types to system_r and verified with apol.

     So my questions are:
     a) Why was the VMware policy renoved from the = Reference Policy?
     b) What am I missing with the runcon = error? Is there somewhere I can look for a more descriptive error = message?

Thanks,
Justin
JHU/APL

------_=_NextPart_001_01C6E0AC.2DB82B8B-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k8PJcsie025504 for ; Mon, 25 Sep 2006 15:38:54 -0400 Received: from exchange.columbia.tresys.com (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with SMTP id k8PJbqAk010278 for ; Mon, 25 Sep 2006 19:37:52 GMT Subject: Re: Errors with runcon - RHEL4/refpolicy From: "Christopher J. PeBenito" To: "Osborn, Justin D." Cc: selinux@tycho.nsa.gov In-Reply-To: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> References: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> Content-Type: text/plain Date: Mon, 25 Sep 2006 15:39:34 -0400 Message-Id: <1159213174.3920.238.camel@sgc> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Mon, 2006-09-25 at 10:09 -0400, Osborn, Justin D. wrote: > I'm working on a project to do containment of VMware VMs using > SELinux policy. Our system is set up on RHEL4 and I have the > Reference Policy installed. > > We're trying to reuse the VMware policy that was originally > distributed with the Reference Policy. Specifically there is a > per-user-domain template that we modified for our use and instantiate > from another te file. The policy compiles and our VMs are properly > labeled after relabeling. > > The problem is that when I try to kick off a VM using runcon, I > get the non-descript "unable to setup security context" error. The > command I'm running is: runcon root:system_r:ziplock_vm1_vmware_t > vmware-cmd start /VMs/foo.vmx. My bash shell is running as > root:system_r:unconfined_t. I added my types to system_r and verified > with apol. > > So my questions are: > a) Why was the VMware policy renoved from the Reference Policy? I don't understand the question. Its in refpolicy, and you said you were using it... > b) What am I missing with the runcon error? Is there somewhere I > can look for a more descriptive error message? It means the setexeccon() failed. Usually a setexeccon() error means either the context is invalid or it was denied setexec on the processs. You're unconfined, so you have setexec, so most likely it is an invalid context. Newer versions of runcon have a different message explicitly saying if the context is invalid. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k92Lgod6024638 for ; Mon, 2 Oct 2006 17:42:52 -0400 Received: from aplesnation.dom1.jhuapl.edu (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id k92Lff7Y019776 for ; Mon, 2 Oct 2006 21:41:41 GMT MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6E666.C2490EC3" Subject: init unconfined in RHEL4? Date: Mon, 2 Oct 2006 17:07:24 -0400 Message-ID: <7B95239DDD54E54B9BFA23847142B1EE10A29E@aplesnation.dom1.jhuapl.edu> References: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> From: "Osborn, Justin D." To: Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. ------_=_NextPart_001_01C6E666.C2490EC3 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I'm working on a RHEL4 system with the Reference Policy and init is = running in unconfined_t. This leads to most other processes on the = system running in unconfined_t. Has anyone seen similar errors? This is the Ref. Policy version released in March, I got the latest svn = version but it doesn't work with the libsepol and checkpolicy RHEL4 RPMs = on the Tresys site. I'm also having a strange error where I get denied messages saying = something was trying to access a file with context unlabeled_t when `ls = -Z` shows the file is clearly labeled something else. Has anyone seen similar things on RHEL4? Thanks, Justin P.S. I managed to get my template working, many thanks to Dave Caplan. -----Original Message----- From: Osborn, Justin D. Sent: Mon 9/25/2006 10:09 AM To: selinux@tycho.nsa.gov Subject: Errors with runcon - RHEL4/refpolicy =20 Hi everybody, I'm working on a project to do containment of VMware VMs using = SELinux policy. Our system is set up on RHEL4 and I have the Reference = Policy installed. =20 We're trying to reuse the VMware policy that was originally = distributed with the Reference Policy. Specifically there is a = per-user-domain template that we modified for our use and instantiate = from another te file. The policy compiles and our VMs are properly = labeled after relabeling. The problem is that when I try to kick off a VM using runcon, I get = the non-descript "unable to setup security context" error. The command = I'm running is: runcon root:system_r:ziplock_vm1_vmware_t vmware-cmd = start /VMs/foo.vmx. My bash shell is running as = root:system_r:unconfined_t. I added my types to system_r and verified = with apol. So my questions are: a) Why was the VMware policy renoved from the Reference Policy? b) What am I missing with the runcon error? Is there somewhere I = can look for a more descriptive error message? Thanks, Justin JHU/APL ------_=_NextPart_001_01C6E666.C2490EC3 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable init unconfined in RHEL4?

I'm working on a RHEL4 system with the Reference = Policy and init is running in unconfined_t. This leads to most = other processes on the system running in unconfined_t. Has anyone = seen similar errors?

This is the Ref. Policy version released in March, I got the latest svn = version but it doesn't work with the libsepol and checkpolicy RHEL4 RPMs = on the Tresys site.

I'm also having a strange error where I get denied messages saying = something was trying to access a file with context unlabeled_t when `ls = -Z` shows the file is clearly labeled something else.

Has anyone seen similar things on RHEL4?

Thanks,
Justin

P.S. I managed to get my template working, many thanks to Dave = Caplan.

-----Original Message-----
From: Osborn, Justin D.
Sent: Mon 9/25/2006 10:09 AM
To: selinux@tycho.nsa.gov
Subject: Errors with runcon - RHEL4/refpolicy

Hi everybody,
      I'm working on a project to do = containment of VMware VMs using SELinux policy. Our system is set = up on RHEL4 and I have the Reference Policy installed.

      We're trying to reuse the VMware policy = that was originally distributed with the Reference Policy. = Specifically there is a per-user-domain template that we modified for = our use and instantiate from another te file. The policy compiles = and our VMs are properly labeled after relabeling.

     The problem is that when I try to kick off a VM = using runcon, I get the non-descript "unable to setup security = context" error. The command I'm running is: runcon = root:system_r:ziplock_vm1_vmware_t vmware-cmd start /VMs/foo.vmx. = My bash shell is running as root:system_r:unconfined_t. I added my = types to system_r and verified with apol.

     So my questions are:
     a) Why was the VMware policy renoved from the = Reference Policy?
     b) What am I missing with the runcon = error? Is there somewhere I can look for a more descriptive error = message?

Thanks,
Justin
JHU/APL

------_=_NextPart_001_01C6E666.C2490EC3-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzhorn.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k93L1v9K026172 for ; Tue, 3 Oct 2006 17:01:57 -0400 Received: from mx1.redhat.com (jazzhorn.ncsc.mil [144.51.5.9]) by jazzhorn.ncsc.mil (8.12.10/8.12.10) with ESMTP id k93L1NGw012857 for ; Tue, 3 Oct 2006 21:01:23 GMT Message-ID: <4522CFC7.7040801@redhat.com> Date: Tue, 03 Oct 2006 17:01:59 -0400 From: Daniel J Walsh MIME-Version: 1.0 To: "Osborn, Justin D." CC: selinux@tycho.nsa.gov Subject: Re: init unconfined in RHEL4? References: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> <7B95239DDD54E54B9BFA23847142B1EE10A29E@aplesnation.dom1.jhuapl.edu> In-Reply-To: <7B95239DDD54E54B9BFA23847142B1EE10A29E@aplesnation.dom1.jhuapl.edu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Osborn, Justin D. wrote: > > I'm working on a RHEL4 system with the Reference Policy and init is > running in unconfined_t. This leads to most other processes on the > system running in unconfined_t. Has anyone seen similar errors? > In RHEL4 only 15 Targets are confined, Everything else runs in an unconfined domain. > > This is the Ref. Policy version released in March, I got the latest > svn version but it doesn't work with the libsepol and checkpolicy > RHEL4 RPMs on the Tresys site. > > I'm also having a strange error where I get denied messages saying > something was trying to access a file with context unlabeled_t when > `ls -Z` shows the file is clearly labeled something else. > ls -Z is reading the label on the file. While the other domains are getting it from the kernel. Probably the type of the file is no longer defined in policy, so the kernel says it is unlabled_t. You should execute restorecon on it to clean it up. > > Has anyone seen similar things on RHEL4? > > Thanks, > Justin > > P.S. I managed to get my template working, many thanks to Dave Caplan. > > -----Original Message----- > From: Osborn, Justin D. > Sent: Mon 9/25/2006 10:09 AM > To: selinux@tycho.nsa.gov > Subject: Errors with runcon - RHEL4/refpolicy > > Hi everybody, > I'm working on a project to do containment of VMware VMs using > SELinux policy. Our system is set up on RHEL4 and I have the > Reference Policy installed. > > We're trying to reuse the VMware policy that was originally > distributed with the Reference Policy. Specifically there is a > per-user-domain template that we modified for our use and instantiate > from another te file. The policy compiles and our VMs are properly > labeled after relabeling. > > The problem is that when I try to kick off a VM using runcon, I > get the non-descript "unable to setup security context" error. The > command I'm running is: runcon root:system_r:ziplock_vm1_vmware_t > vmware-cmd start /VMs/foo.vmx. My bash shell is running as > root:system_r:unconfined_t. I added my types to system_r and verified > with apol. > > So my questions are: > a) Why was the VMware policy renoved from the Reference Policy? > b) What am I missing with the runcon error? Is there somewhere I > can look for a more descriptive error message? > > Thanks, > Justin > JHU/APL > > > > > > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzhorn.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k93LsCYB027873 for ; Tue, 3 Oct 2006 17:54:12 -0400 Received: from smtp.sws.net.au (jazzhorn.ncsc.mil [144.51.5.9]) by jazzhorn.ncsc.mil (8.12.10/8.12.10) with ESMTP id k93LrZGw020167 for ; Tue, 3 Oct 2006 21:53:37 GMT From: Russell Coker Reply-To: russell@coker.com.au To: Daniel J Walsh Subject: Re: init unconfined in RHEL4? Date: Wed, 4 Oct 2006 07:54:03 +1000 Cc: "Osborn, Justin D." , selinux@tycho.nsa.gov References: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> <7B95239DDD54E54B9BFA23847142B1EE10A29E@aplesnation.dom1.jhuapl.edu> <4522CFC7.7040801@redhat.com> In-Reply-To: <4522CFC7.7040801@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Message-Id: <200610040754.06676.russell@coker.com.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Wednesday 04 October 2006 07:01, Daniel J Walsh wrote: > Osborn, Justin D. wrote: > > I'm working on a RHEL4 system with the Reference Policy and init is > > running in unconfined_t. This leads to most other processes on the > > system running in unconfined_t. Has anyone seen similar errors? > > In RHEL4 only 15 Targets are confined, Everything else runs in an > unconfined domain. > > > This is the Ref. Policy version released in March, I got the latest > > svn version but it doesn't work with the libsepol and checkpolicy > > RHEL4 RPMs on the Tresys site. Justin, the problem is that you are running a non-standard policy on RHEL4. If you run the back-port of the reference policy on RHEL4 then Red Hat won't support you and most developers won't be interested as development happens on Rawhide. If you have problems with Refpolicy on RHEL4 and can reproduce them on FC6test releases then many people will be interested in investigating the problems. But if it's only a problem for Refpolicy on RHEL4 then you are probably on your own. -- russell@coker.com.au http://etbe.blogspot.com/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k94BjNbb010869 for ; Wed, 4 Oct 2006 07:45:23 -0400 Received: from aplesnation.dom1.jhuapl.edu (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id k94BiCo0019473 for ; Wed, 4 Oct 2006 11:44:13 GMT MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: init unconfined in RHEL4? Date: Wed, 4 Oct 2006 07:45:24 -0400 Message-ID: <7B95239DDD54E54B9BFA23847142B1EE12CB6D@aplesnation.dom1.jhuapl.edu> From: "Osborn, Justin D." To: "Daniel J Walsh" , "Russell Coker" Cc: Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Dan and Russell, Yeah, it was my fault, I had labeled with the refpolicy but it turned out I was using the RHEL4 targeted policy on boot (I hadn't set /etc/selinux/config). It's up and running and things are in the proper domains. I know refpolicy's unsupported on RHEL4, the idea is to move this system to RHEL5 when it's available. For now on RHEL4 I have to login and get X started before I turn the policy on, which is yucky, but it'll do until RHEL5. Thanks, Justin -----Original Message----- From: Daniel J Walsh [mailto:dwalsh@redhat.com] Sent: Tuesday, October 03, 2006 5:02 PM To: Osborn, Justin D. Cc: selinux@tycho.nsa.gov Subject: Re: init unconfined in RHEL4? Osborn, Justin D. wrote: > > I'm working on a RHEL4 system with the Reference Policy and init is > running in unconfined_t. This leads to most other processes on the > system running in unconfined_t. Has anyone seen similar errors? > In RHEL4 only 15 Targets are confined, Everything else runs in an unconfined domain. > > This is the Ref. Policy version released in March, I got the latest > svn version but it doesn't work with the libsepol and checkpolicy > RHEL4 RPMs on the Tresys site. > > I'm also having a strange error where I get denied messages saying > something was trying to access a file with context unlabeled_t when > `ls -Z` shows the file is clearly labeled something else. > ls -Z is reading the label on the file. While the other domains are getting it from the kernel. Probably the type of the file is no longer defined in policy, so the kernel says it is unlabled_t. You should execute restorecon on it to clean it up. > > Has anyone seen similar things on RHEL4? > > Thanks, > Justin > > P.S. I managed to get my template working, many thanks to Dave Caplan. > > -----Original Message----- > From: Osborn, Justin D. > Sent: Mon 9/25/2006 10:09 AM > To: selinux@tycho.nsa.gov > Subject: Errors with runcon - RHEL4/refpolicy > > Hi everybody, > I'm working on a project to do containment of VMware VMs using > SELinux policy. Our system is set up on RHEL4 and I have the > Reference Policy installed. > > We're trying to reuse the VMware policy that was originally > distributed with the Reference Policy. Specifically there is a > per-user-domain template that we modified for our use and instantiate > from another te file. The policy compiles and our VMs are properly > labeled after relabeling. > > The problem is that when I try to kick off a VM using runcon, I > get the non-descript "unable to setup security context" error. The > command I'm running is: runcon root:system_r:ziplock_vm1_vmware_t > vmware-cmd start /VMs/foo.vmx. My bash shell is running as > root:system_r:unconfined_t. I added my types to system_r and verified > with apol. > > So my questions are: > a) Why was the VMware policy renoved from the Reference Policy? > b) What am I missing with the runcon error? Is there somewhere I > can look for a more descriptive error message? > > Thanks, > Justin > JHU/APL > > > > > > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id k94DFooV013497 for ; Wed, 4 Oct 2006 09:15:50 -0400 Received: from exchange.columbia.tresys.com (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with SMTP id k94DEdo0006765 for ; Wed, 4 Oct 2006 13:14:39 GMT Subject: Re: init unconfined in RHEL4? From: "Christopher J. PeBenito" To: russell@coker.com.au Cc: Daniel J Walsh , "Osborn, Justin D." , selinux@tycho.nsa.gov In-Reply-To: <200610040754.06676.russell@coker.com.au> References: <7B95239DDD54E54B9BFA23847142B1EE10A28A@aplesnation.dom1.jhuapl.edu> <7B95239DDD54E54B9BFA23847142B1EE10A29E@aplesnation.dom1.jhuapl.edu> <4522CFC7.7040801@redhat.com> <200610040754.06676.russell@coker.com.au> Content-Type: text/plain Date: Wed, 04 Oct 2006 09:15:43 -0400 Message-Id: <1159967743.14831.67.camel@sgc> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Wed, 2006-10-04 at 07:54 +1000, Russell Coker wrote: > On Wednesday 04 October 2006 07:01, Daniel J Walsh wrote: > > Osborn, Justin D. wrote: > > > I'm working on a RHEL4 system with the Reference Policy and init is > > > running in unconfined_t. This leads to most other processes on the > > > system running in unconfined_t. Has anyone seen similar errors? > > > > In RHEL4 only 15 Targets are confined, Everything else runs in an > > unconfined domain. > > > > > This is the Ref. Policy version released in March, I got the latest > > > svn version but it doesn't work with the libsepol and checkpolicy > > > RHEL4 RPMs on the Tresys site. > > Justin, the problem is that you are running a non-standard policy on RHEL4. > > If you run the back-port of the reference policy on RHEL4 then Red Hat won't > support you and most developers won't be interested as development happens on > Rawhide. > > If you have problems with Refpolicy on RHEL4 and can reproduce them on FC6test > releases then many people will be interested in investigating the problems. > But if it's only a problem for Refpolicy on RHEL4 then you are probably on > your own. Actually, we are interested in RHEL4. Its going to still be around for years, and is still important, which is why there is a rhel4 distro tunable. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.