Steve wrote:
---- max <maximilianbianco@xxxxxxxxx> wrote:
2 - The only other sane thing I could advise you too do is bounce your
question off the fedora-selinux list. I would include a reference to
this thread and all the relevant details. The kernel your running, the
policy version (rpm -qa | grep selinux...setrouble) , setroubleshoot
version, the error messages below , and that you run in permissive and
used preupgrade to go from f8 to f9.
This will ensure that the right people see your message, this list is
also monitored but I think when they get busy fedora-selinux is likely
to still get checked more often than fedora-list.
I was trying to avoid this. I already get several hundred e-mails per day and I would guess that the selinux list is pretty busy too. Oh well, I'll just have to deal with it for a while.
I found this in the SELinux list archives:
http://www.nsa.gov/SELinux/list-archive/0801/thread_body36.cfm
which appears to say there was a problem but it was fixed in a patch. I wonder if it has not made it to F9 yet?
Steve
It could be related but they seem to have been running mls policy which
is not the default policy in f9. I think the patch would have made it
into F9 by now, the thread dates back to January and F9 released in May
if memory serves. I think in the end you will have to rebuild the
policy. The only way that I know of to change the handle_unknown=deny to
allow is at policy build time. This is set to allow in F8 and F9. Why
yours is not this way is something I don't understand, unless mine is
screwed up somehow but I doubt it. I have looked at two f9 boxes and an
f8 box. All of them have the handle_unknown=allow. Maybe a third party
could confirm this :
dmesg | grep -i selinux
Use the Force,
Max
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
