* Re: Help: SELinux causing(?) boot failures...
2008-08-08 17:19 ` Mike Edenfield
@ 2008-08-08 18:01 ` Paul Moore
2008-08-08 18:13 ` Justin Mattock
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: Paul Moore @ 2008-08-08 18:01 UTC (permalink / raw)
To: Mike Edenfield; +Cc: SELinux Mailing List
On Friday 08 August 2008 1:19:26 pm Mike Edenfield wrote:
> Paul Moore wrote:
> > On Friday 08 August 2008 11:46:23 am Mike Edenfield wrote:
> >> The reason I strongly suspect SELinux is the problem (or at least
> >> a major factor), is that adding "selinux=0" to my boot command
> >> line corrects the problem, and the system boots fine. Everything
> >> appears to be installed and configured correctly, except obviously
> >> SELinux is now disabled. The filesystems are all labeled
> >> correctly, and even on the failing boot the AVC messages display
> >> the correct labels, like tty_device_t and urandom_device_t.
> >
> > Hi Mike,
> >
> > In general, you are better off using "enforcing=0", which keeps
> > SELinux enabled but puts it into permissive mode, on the kernel
> > command line instead of "selinux=0", which disables SELinux
> > entirely. Have you tried rebooting with "enforcing=0" and
> > capturing the AVC messages from the console/audit/syslog output and
> > seeing if anything looks awry? If not go ahead and do so and send
> > them to the list, this will tell us what actions are being denied
> > and why.
>
> I have SELinux configured for permissive mode to begin with, but I
> tried adding "enforcing=0" to the boot command line to no effect.
Sorry, based on the problems you were seeing I assumed you were running
in enforcing mode, I guess the old adage about "assuming" applies
here :(
> Here are the denials I am getting:
>
> (transcribed by hand since neither syslog nor auditd are starting)
Since you went to the trouble to transcribe all the messages by hand I
really need to apologize! Since you are running in permissive mode I
doubt SELinux is the source of all the strange behavior you are seeing;
in permissive mode SELinux will alert you of access denials (AVC
messages) but it won't actually deny the access.
What I don't understand is why you are seeing such a substantial
difference between disabling SELinux entirely and running it in
permissive mode. Have you contacted the Gentoo folks about the
problem? I'm beginning to think your problems may be distro related.
> avc: denied { execute_no_trans } for pid=1 comm="init"
> path="/sbin/init" dev=sda3 ino=920038
> scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:file_t tclass=file
> avc: denied { read } for pid=1 comm="init" name="ld-linux.so.2"
> dev=sda3 ino=1785880 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:file_t tclass=lnk_file
> avc: denied { getattr } for pid=1 comm="init" path="/etc/ld.so.cache"
> dev=sda3 ino=1090186 scontext=system_u:system_r:kernel_t
> tcontext=system_t:object_r:file_t tclass=file
> avc: denied { read } for pid=1 comm="init" name="urandom" dev=sda3
> ino=126002 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:urandom_device_t tclass=chr_file
> avc: denied { getattr } for pid=1 comm="init" name="/" dev=selinuxfs
> ino=1 scontext=system_u:system_r:kernel_t
> tcontext=system_t:object_r:security_t tclass=filesystem
> avc: denied { read write } for pid=1 comm="init" name="tty0" dev=sda3
> ino=126327 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file
--
paul moore
linux @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Help: SELinux causing(?) boot failures...
2008-08-08 17:19 ` Mike Edenfield
2008-08-08 18:01 ` Paul Moore
@ 2008-08-08 18:13 ` Justin Mattock
2008-08-08 23:03 ` Russell Coker
2008-08-14 16:58 ` Stephen Smalley
3 siblings, 0 replies; 9+ messages in thread
From: Justin Mattock @ 2008-08-08 18:13 UTC (permalink / raw)
To: Mike Edenfield; +Cc: Paul Moore, SELinux Mailing List
On Fri, Aug 8, 2008 at 10:19 AM, Mike Edenfield <kutulu@kutulu.org> wrote:
> Paul Moore wrote:
>>
>> On Friday 08 August 2008 11:46:23 am Mike Edenfield wrote:
>>>
>>> The reason I strongly suspect SELinux is the problem (or at least a
>>> major factor), is that adding "selinux=0" to my boot command line
>>> corrects the problem, and the system boots fine. Everything appears
>>> to be installed and configured correctly, except obviously SELinux is
>>> now disabled. The filesystems are all labeled correctly, and even on
>>> the failing boot the AVC messages display the correct labels, like
>>> tty_device_t and urandom_device_t.
>>
>> Hi Mike,
>>
>> In general, you are better off using "enforcing=0", which keeps SELinux
>> enabled but puts it into permissive mode, on the kernel command line instead
>> of "selinux=0", which disables SELinux entirely. Have you tried rebooting
>> with "enforcing=0" and capturing the AVC messages from the
>> console/audit/syslog output and seeing if anything looks awry? If not go
>> ahead and do so and send them to the list, this will tell us what actions
>> are being denied and why.
>
> I have SELinux configured for permissive mode to begin with, but I tried
> adding "enforcing=0" to the boot command line to no effect. Here are the
> denials I am getting:
>
> (transcribed by hand since neither syslog nor auditd are starting)
>
> avc: denied { execute_no_trans } for pid=1 comm="init" path="/sbin/init"
> dev=sda3 ino=920038 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:file_t tclass=file
> avc: denied { read } for pid=1 comm="init" name="ld-linux.so.2" dev=sda3
> ino=1785880 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:file_t tclass=lnk_file
> avc: denied { getattr } for pid=1 comm="init" path="/etc/ld.so.cache"
> dev=sda3 ino=1090186 scontext=system_u:system_r:kernel_t
> tcontext=system_t:object_r:file_t tclass=file
> avc: denied { read } for pid=1 comm="init" name="urandom" dev=sda3
> ino=126002 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:urandom_device_t tclass=chr_file
> avc: denied { getattr } for pid=1 comm="init" name="/" dev=selinuxfs ino=1
> scontext=system_u:system_r:kernel_t tcontext=system_t:object_r:security_t
> tclass=filesystem
> avc: denied { read write } for pid=1 comm="init" name="tty0" dev=sda3
> ino=126327 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file
>
>
> There are apparently a lot of the latter since I usually get a message that
> printk is suppressing several dozen messages at this point, then I get no
> more AVC's on the console.
>
>
> Thanks,
>
> --Mike
>
>
you can use
echo 0 > /proc/sys/kernel/printk_ratelimit
or add
kernel.printk_ratelimit=0
to /etc/sysctl.conf
this way you see all of the messages,
just remember to put it back to 5 when
finished, so you don't become vulnerable to
a buffer attack.
regards;
--
Justin P. Mattock
* Re: Help: SELinux causing(?) boot failures...
2008-08-08 17:19 ` Mike Edenfield
2008-08-08 18:01 ` Paul Moore
2008-08-08 18:13 ` Justin Mattock
@ 2008-08-08 23:03 ` Russell Coker
2008-08-14 16:58 ` Stephen Smalley
3 siblings, 0 replies; 9+ messages in thread
From: Russell Coker @ 2008-08-08 23:03 UTC (permalink / raw)
To: Mike Edenfield; +Cc: SELinux Mailing List
On Saturday 09 August 2008 03:19, Mike Edenfield <kutulu@kutulu.org> wrote:
> (transcribed by hand since neither syslog nor auditd are starting)
Incidentally a serial console (or Xen console) is really good for tracking
down such issues.
While startup problems can usually be solved in other ways, you can have
similar problems in system shutdown.
--
russell@coker.com.au
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
* Re: Help: SELinux causing(?) boot failures...
2008-08-08 17:19 ` Mike Edenfield
` (2 preceding siblings ...)
2008-08-08 23:03 ` Russell Coker
@ 2008-08-14 16:58 ` Stephen Smalley
2008-08-14 19:21 ` Mike Edenfield
3 siblings, 1 reply; 9+ messages in thread
From: Stephen Smalley @ 2008-08-14 16:58 UTC (permalink / raw)
To: Mike Edenfield; +Cc: Paul Moore, SELinux Mailing List
On Fri, 2008-08-08 at 13:19 -0400, Mike Edenfield wrote:
> Paul Moore wrote:
> > On Friday 08 August 2008 11:46:23 am Mike Edenfield wrote:
> >> The reason I strongly suspect SELinux is the problem (or at least a
> >> major factor), is that adding "selinux=0" to my boot command line
> >> corrects the problem, and the system boots fine. Everything appears
> >> to be installed and configured correctly, except obviously SELinux is
> >> now disabled. The filesystems are all labeled correctly, and even on
> >> the failing boot the AVC messages display the correct labels, like
> >> tty_device_t and urandom_device_t.
> >
> > Hi Mike,
> >
> > In general, you are better off using "enforcing=0", which keeps SELinux
> > enabled but puts it into permissive mode, on the kernel command line
> > instead of "selinux=0", which disables SELinux entirely. Have you
> > tried rebooting with "enforcing=0" and capturing the AVC messages from
> > the console/audit/syslog output and seeing if anything looks awry? If
> > not go ahead and do so and send them to the list, this will tell us
> > what actions are being denied and why.
>
> I have SELinux configured for permissive mode to begin with, but I tried
> adding "enforcing=0" to the boot command line to no effect. Here are the
> denials I am getting:
Hmmm...do you have CONFIG_SECURITY_SELINUX_DEVELOP=y in your
kernel .config file? If not, your kernel won't support permissive mode
at all and will always be in enforcing mode.
>
> (transcribed by hand since neither syslog nor auditd are starting)
>
> avc: denied { execute_no_trans } for pid=1 comm="init" path="/sbin/init"
> dev=sda3 ino=920038 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:file_t tclass=file
So your filesystem is not labeled at all.
Are you sure you followed the steps in the Hardened Gentoo SELinux
guide? And have you sent any email to the gentoo-hardened list about
this, as you'll get Gentoo-specific help there?
> avc: denied { read } for pid=1 comm="init" name="ld-linux.so.2" dev=sda3
> ino=1785880 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:file_t tclass=lnk_file
> avc: denied { getattr } for pid=1 comm="init" path="/etc/ld.so.cache"
> dev=sda3 ino=1090186 scontext=system_u:system_r:kernel_t
> tcontext=system_t:object_r:file_t tclass=file
> avc: denied { read } for pid=1 comm="init" name="urandom" dev=sda3
> ino=126002 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:urandom_device_t tclass=chr_file
> avc: denied { getattr } for pid=1 comm="init" name="/" dev=selinuxfs
> ino=1 scontext=system_u:system_r:kernel_t
> tcontext=system_t:object_r:security_t tclass=filesystem
> avc: denied { read write } for pid=1 comm="init" name="tty0" dev=sda3
> ino=126327 scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file
>
>
> There are apparently a lot of the latter since I usually get a message
> that printk is suppressing several dozen messages at this point, then I
> get no more AVC's on the console.
>
>
> Thanks,
>
> --Mike
>
--
Stephen Smalley
National Security Agency
* Re: Help: SELinux causing(?) boot failures...
2008-08-14 16:58 ` Stephen Smalley
@ 2008-08-14 19:21 ` Mike Edenfield
2008-08-14 20:24 ` Stephen Smalley
0 siblings, 1 reply; 9+ messages in thread
From: Mike Edenfield @ 2008-08-14 19:21 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Paul Moore, SELinux Mailing List
Stephen Smalley wrote:
> Hmmm...do you have CONFIG_SECURITY_SELINUX_DEVELOP=y in your
> kernel .config file? If not, your kernel won't support permissive mode
> at all and will always be in enforcing mode.
Yes, I have both that and the boot option enabled in the kernel.
>> (transcribed by hand since neither syslog nor auditd are starting)
>>
>> avc: denied { execute_no_trans } for pid=1 comm="init" path="/sbin/init"
>> dev=sda3 ino=920038 scontext=system_u:system_r:kernel_t
>> tcontext=system_u:object_r:file_t tclass=file
> So your filesystem is not labeled at all.
This is what I thought, but when I boot with "selinux=0" I am able to
run setfiles on all the file systems and it claims it's doing the
labelling properly, so I'm not sure what else to do.
> Are you sure you followed the steps in the Hardened Gentoo SELinux
> guide? And have you sent any email to the gentoo-hardened list about
> this, as you'll get Gentoo-specific help there?
I wasn't sure it was a Gentoo-specific problem, but I'm rebuilding the
system from scratch again to make sure I didn't miss anything, then I'll
move to the Gentoo list from there.
Thanks,
--Mike
* Re: Help: SELinux causing(?) boot failures...
2008-08-14 19:21 ` Mike Edenfield
@ 2008-08-14 20:24 ` Stephen Smalley
0 siblings, 0 replies; 9+ messages in thread
From: Stephen Smalley @ 2008-08-14 20:24 UTC (permalink / raw)
To: Mike Edenfield; +Cc: Paul Moore, SELinux Mailing List
On Thu, 2008-08-14 at 15:21 -0400, Mike Edenfield wrote:
> Stephen Smalley wrote:
>
> > Hmmm...do you have CONFIG_SECURITY_SELINUX_DEVELOP=y in your
> > kernel .config file? If not, your kernel won't support permissive mode
> > at all and will always be in enforcing mode.
>
> Yes, I have both that and the boot option enabled in the kernel.
In that case, you shouldn't actually encounter denials from SELinux - it
will let the operation proceed and just log the denial.
> >> (transcribed by hand since neither syslog nor auditd are starting)
> >>
> >> avc: denied { execute_no_trans } for pid=1 comm="init" path="/sbin/init"
> >> dev=sda3 ino=920038 scontext=system_u:system_r:kernel_t
> >> tcontext=system_u:object_r:file_t tclass=file
>
> > So your filesystem is not labeled at all.
>
> This is what I thought, but when I boot with "selinux=0" I am able to
> run setfiles on all the file systems and it claims it's doing the
> labelling properly, so I'm not sure what else to do.
You can always run getfattr -n security.selinux /sbin/init to see the
file context even while SELinux is disabled. Is setfiles being given a
valid and complete file_contexts configuration? Running it with -v
and/or -d might be illuminating.
> > Are you sure you followed the steps in the Hardened Gentoo SELinux
> > guide? And have you sent any email to the gentoo-hardened list about
> > this, as you'll get Gentoo-specific help there?
>
> I wasn't sure it was a Gentoo-specific problem, but I'm rebuilding the
> system from scratch again to make sure I didn't miss anything, then I'll
> move to the Gentoo list from there.
--
Stephen Smalley
National Security Agency
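The two diagnostic steps Stephen applies in this thread, reading "file_t on /sbin/init" as "the filesystem was never labeled" and then checking the label directly with getfattr, can be scripted. The block below is an added example, not code from any of the posts: it parses the hand-transcribed AVC lines (a constructed sample, joined onto one line each, with "udanrom" spelled as urandom and the tcontext user as system_u), flags targets that still carry the default type file_t, flags an execute_no_trans from kernel_t as "pid 1 never left kernel_t", and reads security.selinux via os.getxattr as the programmatic form of getfattr -n security.selinux. The only format assumption is the kernel's "avc: denied { perms } for key=value ..." layout; read_label() returns None on a host without SELinux or for a missing file.

```python
"""Triage of hand-transcribed AVC denials (added example, not from the thread)."""
import os
import re

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: the six denials from the thread, one per line.
SAMPLE_AVCS = [
    'avc: denied { execute_no_trans } for pid=1 comm="init" path="/sbin/init" '
    'dev=sda3 ino=920038 scontext=system_u:system_r:kernel_t '
    'tcontext=system_u:object_r:file_t tclass=file',
    'avc: denied { read } for pid=1 comm="init" name="ld-linux.so.2" dev=sda3 '
    'ino=1785880 scontext=system_u:system_r:kernel_t '
    'tcontext=system_u:object_r:file_t tclass=lnk_file',
    'avc: denied { getattr } for pid=1 comm="init" path="/etc/ld.so.cache" '
    'dev=sda3 ino=1090186 scontext=system_u:system_r:kernel_t '
    'tcontext=system_u:object_r:file_t tclass=file',
    'avc: denied { read } for pid=1 comm="init" name="urandom" dev=sda3 '
    'ino=126002 scontext=system_u:system_r:kernel_t '
    'tcontext=system_u:object_r:urandom_device_t tclass=chr_file',
    'avc: denied { getattr } for pid=1 comm="init" name="/" dev=selinuxfs ino=1 '
    'scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t '
    'tclass=filesystem',
    'avc: denied { read write } for pid=1 comm="init" name="tty0" dev=sda3 '
    'ino=126327 scontext=system_u:system_r:kernel_t '
    'tcontext=system_u:object_r:tty_device_t tclass=chr_file',
]


def parse_avc(line):
    """Return a dict for one AVC message, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, value in FIELD_RE.findall(m.group('fields')):
        rec[key] = value.strip('"')
    # user:role:type[:range] -> keep the type, which is what TE rules key on
    for ctx in ('scontext', 'tcontext'):
        if ctx in rec:
            rec[ctx + '_type'] = rec[ctx].split(':')[2]
    return rec


def triage(lines):
    """Parse AVC lines and return (records, findings)."""
    recs = [r for r in (parse_avc(l) for l in lines) if r]
    findings = []
    # file_t is the type inodes carry when setfiles has never labeled them;
    # on a labeled system /sbin/init would be init_exec_t, not file_t.
    unlabeled = sorted({r.get('path') or r.get('name', '?')
                        for r in recs if r.get('tcontext_type') == 'file_t'})
    if unlabeled:
        findings.append('unlabeled (file_t) targets: ' + ', '.join(unlabeled))
    # execute_no_trans from kernel_t: the kernel executed the file without a
    # domain transition, so pid 1 keeps running as kernel_t afterwards and
    # every later access is checked against kernel_t rather than init_t.
    no_trans = [r for r in recs if 'execute_no_trans' in r['perms']
                and r.get('scontext_type') == 'kernel_t']
    if no_trans:
        findings.append('no domain transition on exec of '
                        + ', '.join(r.get('path', '?') for r in no_trans)
                        + '; pid 1 stays in kernel_t')
    return recs, findings


def read_label(path):
    """security.selinux xattr of path as a string, or None if unreadable."""
    getxattr = getattr(os, 'getxattr', None)  # Linux only
    if getxattr is None:
        return None
    try:
        return getxattr(path, 'security.selinux').rstrip(b'\0').decode()
    except OSError:  # no such file, no xattr, or no SELinux support
        return None


if __name__ == '__main__':
    records, notes = triage(SAMPLE_AVCS)
    for rec in records:
        print('%-10s %-17s %s -> %s' % (rec.get('tclass'), ' '.join(rec['perms']),
                                        rec['scontext_type'], rec['tcontext_type']))
    for note in notes:
        print('finding:', note)
    print('/sbin/init on this host:', read_label('/sbin/init'))
```

Feed it the console transcript (or /var/log/messages once syslog runs) and the findings tell you whether you are looking at policy denials or at a filesystem that was never relabeled; read_label works with selinux=0 too, which is exactly the situation Stephen describes for getfattr.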