Red Hat Bugzilla – Bug 531230
Real Time Kernel supports SELinux options not available in policy
Last modified: 2010-03-30 03:50:35 EDT
+++ This bug was initially created as a clone of Bug #531229 +++
+++ This bug was initially created as a clone of Bug #531228 +++
Description of problem:
Since we are pulling in a newer kernel for the real time kernel, it includes access that is not defined in the RHEL5 policy. These access checks are denied by default, including open. This means a RHEL5 box can not run with SELinux in enforcing mode with the Real Time Kernel. In Fedora we have the ability to tell the kernel to "allow" all access that it knows about and the policy does not.
In order to get this to work in RHEL5 we need to back port changes to the checkpolicy, libsepol and selinux-policy packages.
The test to see if these backports work is to develop a policy on RHEL5 that a Real Time Kernel can boot in enforcing mode.
Fixed in selinux-policy-2.4.6-263.el5
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.