FC3t1 updated a few days ago. Booting doesn't get me very far: avc: denied {execute} for pid=1 path=/lib/tls/i486/libc-2.3.3.so dev=hda6 ino=137734 scontext=system_u:system_r:init_t tcontext=system_u:object_r:lib_t tclass=file And what follows is obviously a kernel panic. This is a K6-450.
fixfiles relabel did *not* fix this issue.
Try selinux-policy-strict-1.17.16-3 Or just patch --- nsapolicy/file_contexts/types.fc 2004-09-14 09:18:10.000000000 -0400 +++ policy-1.17.16/file_contexts/types.fc 2004-09-15 11:25:43.459813532 -0400 @@ -298,6 +298,7 @@ /lib(64)?/[^/]*/lib[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t /lib(64)?/security/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t /lib(64)?/tls/i686/cmov/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t +/lib(64)?/tls/i486/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t # # /sbin And restorecon on the shared library
I'd love to try selinux-policy-strict-1.17.16-3, but RawHide is still at 1.17.16-2. Why is that?
Rawhide is frozen until FC3Test2 is released. Policy is available via my people page for now. Dan
Let's hope not too many people start testing the strict policy on FC3t2 on i586s then ;-) . Or is this issue mentioned in the release notes?
I don't have an i586 up and running to verify this, but I see the following in /etc/selinux/strict/src/policy/file_contexts/types.fc which should fix the problem: /lib(64)?/tls/i.86/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t version:selinux-policy-*-1.17.26-3