From: Mike Edenfield <kutulu@kutulu.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Paul Moore <paul.moore@hp.com>,
SELinux Mailing List <selinux@tycho.nsa.gov>
Subject: Re: Help: SELinux causing(?) boot failures...
Date: Thu, 14 Aug 2008 15:21:24 -0400 [thread overview]
Message-ID: <48A485B4.4060403@kutulu.org> (raw)
In-Reply-To: <1218733093.29535.46.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> Hmmm...do you have CONFIG_SECURITY_SELINUX_DEVELOP=y in your
> kernel .config file? If not, your kernel won't support permissive mode
> at all and will always be in enforcing mode.
Yes, I have both that and the boot option enabled in the kernel.
>> (transcribed by hand since neither syslog nor auditd are starting)
>>
>> avc: denied { execute_no_trans } for pid=1 comm="init" path="/sbin/init"
>> dev=sda3 ino=920038 scontext=system_u:system_r:kernel_t
>> tcontext=system_u:object_r:file_t tclass=file
> So your filesystem is not labeled at all.
This is what I thought, but when I boot with "selinux=0" I am able to
run setfiles on all the file systems and it claims it's doing the
labelling properly, so I'm not sure what else to do.
> Are you sure you followed the steps in the Hardened Gentoo SELinux
> guide? And have you sent any email to the gentoo-hardened list about
> this, as you'll get Gentoo-specific help there?
I wasn't sure it was a Gentoo-specific problem, but I'm rebuilding the
system from scratch again to make sure I didn't miss anything, then I'll
move to the Gentoo list from there.
Thanks,
--Mike
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-08-14 19:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-08 15:46 Help: SELinux causing(?) boot failures Mike Edenfield
2008-08-08 16:51 ` Paul Moore
2008-08-08 17:19 ` Mike Edenfield
2008-08-08 18:01 ` Paul Moore
2008-08-08 18:13 ` Justin Mattock
2008-08-08 23:03 ` Russell Coker
2008-08-14 16:58 ` Stephen Smalley
2008-08-14 19:21 ` Mike Edenfield [this message]
2008-08-14 20:24 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48A485B4.4060403@kutulu.org \
--to=kutulu@kutulu.org \
--cc=paul.moore@hp.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.