Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 295559 - sys-apps/sysvinit-2.87-r1 do not loads selinux policy
Summary: sys-apps/sysvinit-2.87-r1 do not loads selinux policy
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: AMD64 Linux
: High normal (vote)
Assignee: Chris PeBenito (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-03 15:58 UTC by Marcin Szamotulski
Modified: 2010-01-10 23:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcin Szamotulski 2009-12-03 15:58:11 UTC 
I've recently changed my profile to hardened/selinux profile. After whole instalation, which went quite well, I have the following problem. The selinux policy is not loaded on startup. 
ldd /sbin/init
        linux-vdso.so.1 =>  (0x00007152afc92000)
        libc.so.6 => /lib/libc.so.6 (0x00007152af724000)
        /lib64/ld-linux-x86-64.so.2 (0x00007152afa77000)

There is no 
        libselinux.so.1 => /lib/libselinux.so.1
according to gentoo selinux handbook reemergins sysvinit should fix this problem, but it is not.

After issuing sestatus -r selinux starts crectly and the output of sestatus I got:
sestatus 
       SELinux status:                 enabled
       SELinuxfs mount:                /selinux
       Current mode:                   permissive
       Mode from config file:          permissive
       Policy version:                 24
Policy from config file:        strict

Thank you for your help.
Best regards
Marcin Szamotulski

Reproducible: Always

Actual Results:  
After booting
sestatus 
SELinux status:                 disabled

Expected Results:  
after booting it should be:
sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 24
Policy from config file:        strict


I added semanage -R to /etc/conf.d/local , but this is not a good solution.
Comment 1 Gordon Malm (RETIRED) gentoo-dev 2009-12-03 16:58:02 UTC 
post your emerge --info please.
Comment 2 Maxim Britov 2009-12-04 06:34:34 UTC 
May be you have sysvinit>=2.87 ?

2.87 is masked, but 2.87-r1 not. Try to use latest 2.86
Comment 3 Marcin Szamotulski 2009-12-06 12:22:11 UTC 
Thanks, That was it, with sysvinit 2.86-r12 it works.
Comment 4 Philipp Riegger 2009-12-20 12:35:14 UTC 
Is anyone working on this?
Comment 5 William Hubbs gentoo-dev 2010-01-08 18:43:41 UTC 
Chris,

sysvinit-2.87-r3 is now in the tree with your patch.

Please test and close this bug if it works correctly.

Thanks much.

William