Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 48201

Summary: SELinux in kernel 2.6.6_rc1 broken because of version clash
Product: Gentoo Linux Reporter: Stefan Riemer <peng.ff>
Component: HardenedAssignee: Hardened Gentoo <hardened>
Status: RESOLVED INVALID    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Stefan Riemer 2004-04-18 04:05:24 UTC
In 2.6.6_rc1, SELinux policyversion changed to 17 (reported by 'cat /selinux/policyvers') so the default policy.15 wont load with the init from baselayout-1.8.11 (with sysvinit-2.84-selinux.patch) an it loads with the sysvinit-2.84-selinux1.patch (used by libselinux-1.10) after tweaking /etc/security/selinux/src/policy/Makefile.

Reproducible: Always
Steps to Reproduce:
1. emerge sys-kernel/development-sources (possibly other)
2. install new kernel
3. cd /etc/security/selinux/src/policy; make relabel
4. reboot

Actual Results:  
No policy is loaded.

Expected Results:  
*sigh* Loading the policy..

Portage 2.0.50-r6 (selinux-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.6.6-rc1)
=================================================================
System uname: 2.6.6-rc1 i686 Intel(R) Pentium(R) M processor 1300MHz
Gentoo Base System version 1.4.9
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=pentium3 -mcpu=pentium4 -pipe -fomit-frame-pointer 
-fstack-protector"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config 
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache loadpolicy notitles sandbox sfperms strict userpriv 
usersandbox"
GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/ ftp://ftp.tu-clausthal.
de/pub/linux/gentoo/ ftp://ftp.easynet.nl/mirror/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="aalib acpi acpi4linux alsa apache2 cdr crypt directfb dvd fbcon gdbm innodb 
libwww mysql ncurses pam pcmcia perl pic pnp python radeon readline selinux 
slang sse ssl svga tcpd usb x86 zlib"
Comment 1 Chris PeBenito (RETIRED) gentoo-dev 2004-07-04 18:03:21 UTC
You need to adjust the POLICYCOMPAT in your policy makefile, so the correct policy version is installed.