francois.valenduc at tvcablenet
Sep 11, 2009, 9:56 AM
Post #8 of 8
(2307 views)
Permalink
|
François Valenduc a écrit :
> Andrew John Hughes a écrit :
>
>> 2009/9/10 François Valenduc <francois.valenduc [at] tvcablenet>:
>>
>>
>>> Andrew John Hughes a écrit :
>>>
>>>
>>>> 2009/9/5 François Valenduc <francois.valenduc [at] tvcablenet>:
>>>>
>>>>
>>>>
>>>>> Magnus Granberg a écrit :
>>>>>
>>>>>
>>>>>
>>>>>> On Saturday 05 September 2009 12.17.00 François Valenduc wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hello everybody,
>>>>>>>
>>>>>>> I have recently swicth my SElinux install from ext3 to ext4 and after
>>>>>>> having changed the rlpkq script to also relabel ext4 filesystems, I get
>>>>>>> the following errors:
>>>>>>> /usr/sbin/setfiles set context
>>>>>>> /usr/sbin/setfilecon->system_u:object_r:bin_t failed:'Operation not
>>>>>>> supported'
>>>>>>> However, I have enabled Ext4 Security labels in the kernel configuration.
>>>>>>>
>>>>>>> Does anybody know a solution to this problem ?
>>>>>>> Thanks in advance for your help.
>>>>>>>
>>>>>>> François Valenduc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> You need to update to policycoreutils-2.0.69 to get ext4 support.
>>>>>> See bug #275369 http://bugs.gentoo.org/show_bug.cgi?id=275369
>>>>>> ------
>>>>>> Hardened-Development Overlay
>>>>>> Magnus Granberg (Zorry) <zorry [at] ume>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> I have tried to upgrade policycoreutils to this version but it fails to
>>>>> compile with this error:
>>>>>
>>>>> cc -Wl,-O1 semodule.o -lsepol -lselinux -lsemanage -L/usr/lib -o
>>>>> semodulesemodule.o: In function `main':
>>>>> semodule.c:(.text+0x803): undefined reference to
>>>>> `semanage_module_upgrade_file'
>>>>> semodule.c:(.text+0x84a): undefined reference to
>>>>> `semanage_module_install_file'
>>>>> semodule.c:(.text+0x8ae): undefined reference to
>>>>> `semanage_module_install_base_file'
>>>>> collect2: ld a retourné 1 code d'état d'exécution
>>>>> make[1]: *** [semodule] Erreur 1
>>>>> make[1]: quittant le répertoire «
>>>>> /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69/semodule
>>>>> »
>>>>> make: *** [all] Erreur 1
>>>>> make: quittant le répertoire «
>>>>> /var/tmp/portage/sys-apps/policycoreutils-2.0.69/work/policycoreutils-2.0.69
>>>>> »
>>>>>
>>>>>
>>>>> I have looked in gentoo bugzilla and I didn't find anything which seems
>>>>> similar to this error.
>>>>>
>>>>> François Valenduc
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Have you checked there aren't corresponding updates to libselinux,
>>>> libsepol and libsemanage? This error suggests one or more of those
>>>> libraries are out of date.
>>>>
>>>>
>>>>
>>> Indeed, upgrading libsepol, libsemanage and libselinux allowed
>>> policycoreutils 2.0.69 to be compiled without error. However, it's still
>>> impossible to relabel the filesystem. Now I don't see plenty of lines
>>> indicating "Operation not supported" when I use rlpkg. But the files
>>> remains unlabeled. Is it really possible to use ext4 and selinux ?
>>>
>>>
>>>
>> There must be some way, as Fedora 11 ships with both.
>> How recent is your kernel? ext4 is still in development.
>>
>>
>>
>>> Thanks for your help.
>>>
>>>
>>>
>>>
>>
>>
>>
> I am using the brand new 2.6.31 kernel and I have enabled the following
> options:
> CONFIG_EXT4_FS=m
> CONFIG_EXT4_FS_XATTR=y
> CONFIG_EXT4_FS_POSIX_ACL=y
> CONFIG_EXT4_FS_SECURITY=y
> The problem also occured with kernels 2.6.30.x.
>
> François Valenduc
>
>
>
After having looked in dmesg, I find lines like this one when an ext4
partition is mounted:
SELinux: initialized (dev dm-4, type ext4), not configured for labeling
So, my question is how to configure an ext4 partition for labelling ?
François Valenduc
|
