I updated policy and now I can't log in to gdm with anything other than root!
Dave Waller
Hi Dave,
I updated policy and now I can't log in to gdm with anything other than root!
If you can't handle the stress of running a test release then why are you running it?
Maybe you could investigate a little and come up with a solution that you are willing to share with us.
Leonard.
I believe that the problem aroze in policy-1.7-3.noarch.rpm and is still in policy-1.7-4.noarch.rpm policy-1.6-16.noarch.rpm was installed and I had no problems.
It also could be in the new kernel-2.6.3-2.1.238.i686.rpm I looked in the initrd and there are hardly any modules so maybe the kernel has selinux compiled in. Sure enough it is turned on in the /usr/src/linux-2.6.3-2.1.242/configs/kernel-2.6.3-i686.config
Dave
Hello Dave,
It also could be in the new kernel-2.6.3-2.1.238.i686.rpm I looked in the initrd and there are hardly any modules so maybe the kernel has selinux compiled in.
That could well be as test2 is supposed to be shipped with SELinux enabled by default. With "investigating" I was more thinking of investigating a possible fix in the policy file.
Leonard.
After further investigating I believe that the selinux=0 boot prompt might be a good canidate for default for FCC2.
Since many people will not know (as I did not) anything about SELinux and it is eazy enough to turn on/off. Perhaps it is in or going to be in the installer as an option like the firewall screens.
At first I thought that it would be module but it makes sence to have as a boot option only as any hacker could rmmod the selinux and then you have nothing.
Dave
Leonard den Ottolander wrote:
Hi Dave,
I updated policy and now I can't log in to gdm with anything other than root!
If you can't handle the stress of running a test release then why are you running it?
Maybe you could investigate a little and come up with a solution that you are willing to share with us.
Leonard.
On Mon, 2004-03-08 at 22:55, Dave Waller wrote:
After further investigating I believe that the selinux=0 boot prompt might be a good canidate for default for FCC2.
Since many people will not know (as I did not) anything about SELinux and it is eazy enough to turn on/off. Perhaps it is in or going to be in the installer as an option like the firewall screens.
At first I thought that it would be module but it makes sence to have as a boot option only as any hacker could rmmod the selinux and then you have nothing.
Dave
If by FCC2, you mean Fedora Core Test2 (wasn't sure what the second C meant), then they will not be shipping it with selinux=0 as the default. Or this was my impression.
They need the SELinux stuff tested as much as possible, defaulting it to off will not exactly do this.
Not sure what will happen with FC2, but hopefully if it's tested enough in text 2 and 3 then there will be no problem in FC2.
Doug
Douglas Furlong douglas.furlong@firebox.com writes:
On Mon, 2004-03-08 at 22:55, Dave Waller wrote:
After further investigating I believe that the selinux=0 boot prompt might be a good canidate for default for FCC2.
Since many people will not know (as I did not) anything about SELinux and it is eazy enough to turn on/off. Perhaps it is in or going to be in the installer as an option like the firewall screens.
At first I thought that it would be module but it makes sence to have as a boot option only as any hacker could rmmod the selinux and then you have nothing.
Dave
If by FCC2, you mean Fedora Core Test2 (wasn't sure what the second C meant), then they will not be shipping it with selinux=0 as the default. Or this was my impression.
They need the SELinux stuff tested as much as possible, defaulting it to off will not exactly do this.
Not sure what will happen with FC2, but hopefully if it's tested enough in text 2 and 3 then there will be no problem in FC2.
If user runs with selinx=0 in grub, then should user still see messages about missing files etc, like the one I see whenever I run rpm -[Ui] *.rpm?
/etc/security/selinux/src/policy/file_contexts/file_contexts: No such file or directory
That pathname is unknown to the most recent rpmdb-fedora.
On Tue, Mar 09, 2004 at 11:13:17AM -0600, Harry Putnam wrote:
If user runs with selinx=0 in grub, then should user still see messages about missing files etc, like the one I see whenever I run rpm -[Ui] *.rpm?
/etc/security/selinux/src/policy/file_contexts/file_contexts: No such file or directory
Yes you will see that atm, don't panic.
That pathname is unknown to the most recent rpmdb-fedora.
strange it's owned by policy-1.7-8 here
rpm --dbpath /usr/lib/rpmdb/i386-redhat-linux/redhat -qf \ /etc/security/selinux/src/policy/file_contexts/file_contexts
Paul
On Tue, 9 Mar 2004 17:11:29 +0000 Paul Nasrat pauln@truemesh.com wrote:
On Tue, Mar 09, 2004 at 11:13:17AM -0600, Harry Putnam wrote:
If user runs with selinx=0 in grub, then should user still see messages about missing files etc, like the one I see whenever I run rpm -[Ui] *.rpm?
/etc/security/selinux/src/policy/file_contexts/file_contexts: No such file or directory
Yes you will see that atm, don't panic.
That pathname is unknown to the most recent rpmdb-fedora.
strange it's owned by policy-1.7-8 here
Ok, well I do not have policy installed. I wonder how many other packages are needed for selinux that are not installed? Do you have a list? I guess it is not a dependency, or it would have been installed with the latest kernel.
Thanks.
On Tue, Mar 09, 2004 at 01:14:53PM -0600, Brian Millett wrote:
Paul Nasrat pauln@truemesh.com wrote:
On Tue, Mar 09, 2004 at 11:13:17AM -0600, Harry Putnam wrote:
If user runs with selinx=0 in grub, then should user still see messages about missing files etc, like the one I see whenever I run rpm -[Ui] *.rpm?
/etc/security/selinux/src/policy/file_contexts/file_contexts: No such file or directory
Yes you will see that atm, don't panic.
That pathname is unknown to the most recent rpmdb-fedora.
strange it's owned by policy-1.7-8 here
Ok, well I do not have policy installed. I wonder how many other packages are needed for selinux that are not installed? Do you have a list? I guess it is not a dependency, or it would have been installed with the latest kernel.
Do not install these without doing some homework first, but, for selinux I think the list of additional rpm's is:
checkpolicy policy-sources policycoreutils libselinux
Slightly out of date, See: http://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266 http://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266...