After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen? What do need to do to make a home-grown-kernel work with SELinux.
On Mon, 2004-10-25 at 13:49 -0500, Justin Conover wrote:
After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen?
I recommend you don't rebuild arbitrary kernel versions and patch sets with SELinux enabled. The security of the system depends on tight coordination between the kernel, policy, and various packages. In Fedora we do the integration ensure that this all just works.
What do need to do to make a home-grown-kernel work with SELinux.
Most likely you're missing the tmpfs xattr patch in this case.
Thats fine, I really just wanted to build a reiser4 dir to chroot a different linux install. I'll just use ext3/xfs instead. Well, atleast SElinux worked for saying NO to a different kenrel ;-)
On Mon, 25 Oct 2004 15:03:54 -0400, Colin Walters walters@redhat.com wrote:
On Mon, 2004-10-25 at 13:49 -0500, Justin Conover wrote:
After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen?
I recommend you don't rebuild arbitrary kernel versions and patch sets with SELinux enabled. The security of the system depends on tight coordination between the kernel, policy, and various packages. In Fedora we do the integration ensure that this all just works.
What do need to do to make a home-grown-kernel work with SELinux.
Most likely you're missing the tmpfs xattr patch in this case.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
So basically I can install the .src.rpm for the latest Fedora Kernel and use the patch from my /rpmbuild/SOURCES/patch--2.6.9-final.bz2 or bk2 or both?
On Mon, 25 Oct 2004 14:21:21 -0500, Justin Conover justin.conover@gmail.com wrote:
Thats fine, I really just wanted to build a reiser4 dir to chroot a different linux install. I'll just use ext3/xfs instead. Well, atleast SElinux worked for saying NO to a different kenrel ;-)
On Mon, 25 Oct 2004 15:03:54 -0400, Colin Walters walters@redhat.com wrote:
On Mon, 2004-10-25 at 13:49 -0500, Justin Conover wrote:
After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen?
I recommend you don't rebuild arbitrary kernel versions and patch sets with SELinux enabled. The security of the system depends on tight coordination between the kernel, policy, and various packages. In Fedora we do the integration ensure that this all just works.
What do need to do to make a home-grown-kernel work with SELinux.
Most likely you're missing the tmpfs xattr patch in this case.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
FYI...
Just incase anyone wants to create there own kernel running on there box. Grabbing and applying all the patches from the latest kernel.src.rpm worked for me on a ck2 kernel.
On Tue, 26 Oct 2004 10:48:24 -0500, Justin Conover justin.conover@gmail.com wrote:
So basically I can install the .src.rpm for the latest Fedora Kernel and use the patch from my /rpmbuild/SOURCES/patch--2.6.9-final.bz2 or bk2 or both?
On Mon, 25 Oct 2004 14:21:21 -0500, Justin Conover justin.conover@gmail.com wrote:
Thats fine, I really just wanted to build a reiser4 dir to chroot a different linux install. I'll just use ext3/xfs instead. Well, atleast SElinux worked for saying NO to a different kenrel ;-)
On Mon, 25 Oct 2004 15:03:54 -0400, Colin Walters walters@redhat.com wrote:
On Mon, 2004-10-25 at 13:49 -0500, Justin Conover wrote:
After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen?
I recommend you don't rebuild arbitrary kernel versions and patch sets with SELinux enabled. The security of the system depends on tight coordination between the kernel, policy, and various packages. In Fedora we do the integration ensure that this all just works.
What do need to do to make a home-grown-kernel work with SELinux.
Most likely you're missing the tmpfs xattr patch in this case.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Tue, 2004-10-26 at 16:04 -0500, Justin Conover wrote:
FYI...
Just incase anyone wants to create there own kernel running on there box. Grabbing and applying all the patches from the latest kernel.src.rpm worked for me on a ck2 kernel.
Better yet put your kernel tarball or patchsets into the kernel srpm and specfile then rebuild so that your have maintained a valid rpm database understanding of your system, kernels installed, and related files. This is fairly simple to do, but you'll want to remove the config files for other architectures and specific patches for them (and a few related things in the spec).
On Tue, 26 Oct 2004 10:48:24 -0500, Justin Conover justin.conover@gmail.com wrote:
So basically I can install the .src.rpm for the latest Fedora Kernel and use the patch from my /rpmbuild/SOURCES/patch--2.6.9-final.bz2 or bk2 or both?
On Mon, 25 Oct 2004 14:21:21 -0500, Justin Conover justin.conover@gmail.com wrote:
Thats fine, I really just wanted to build a reiser4 dir to chroot a different linux install. I'll just use ext3/xfs instead. Well, atleast SElinux worked for saying NO to a different kenrel ;-)
On Mon, 25 Oct 2004 15:03:54 -0400, Colin Walters walters@redhat.com wrote:
On Mon, 2004-10-25 at 13:49 -0500, Justin Conover wrote:
After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen?
I recommend you don't rebuild arbitrary kernel versions and patch sets with SELinux enabled. The security of the system depends on tight coordination between the kernel, policy, and various packages. In Fedora we do the integration ensure that this all just works.
What do need to do to make a home-grown-kernel work with SELinux.
Most likely you're missing the tmpfs xattr patch in this case.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Tuesday 26 October 2004 05:03, Colin Walters walters@redhat.com wrote:
On Mon, 2004-10-25 at 13:49 -0500, Justin Conover wrote:
After I built a new kernel based of of ck-overloaded, I rebooted and a ton of SELinux errors/messages, kept comeing across the screen?
Without seeing a sample of the messages it's difficult to guess at what the problem might be. I'm sure that you've fixed your problem by now, but for future reference please keep in mind that we need those messages to identify and fix problems. They will be stored in /var/log/messages. If your machine is too messed up to allow logging then boot with "enforcing=0".
I recommend you don't rebuild arbitrary kernel versions and patch sets with SELinux enabled. The security of the system depends on tight coordination between the kernel, policy, and various packages. In Fedora we do the integration ensure that this all just works.
We recommend that Fedora users don't rebuild kernels etc. But if you want to get involved with development then rebuilding a kernel is something that may be worth doing. Breaking your system is always the best way to start in development...
selinux@lists.fedoraproject.org
-
Andrew Farris -
Colin Walters -
Justin Conover -
Russell Coker