From: harrytaurus2002@hotmail.com (TaurusHarry)
Date: Fri, 28 Aug 2009 09:01:02 +0000
Subject: [refpolicy] SELinux: Could not downgrade policy file 24 on PPC boards
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

I have installed the latest SELinux user space tools released at the Tresys website on 2009-7-31; the max policy format version is 24. On the other side, the max policy version number on the latest kernel is still 23.

My approach is to first boot into "init=/bin/bash selinux=1" to load_policy and then restore security contexts for the whole file system, and second to boot up SELinux normally by "init=/sbin/bash selinux=1".

On x86 targets (both 32bit and 64bit) the load_policy program could finish uneventfully:

bash-3.2# /usr/sbin/load_policy -q /etc/selinux/target/policy/policy.24
type=1403 audit(1249926421.908:2): policy loaded auid=4294967295 ses=4294967295
bash-3.2#

However, on a PPC 32 target (such as fsl_8548cds) the load_policy could run into the following error:

bash-3.2# /usr/sbin/load_policy -q /etc/selinux/target/policy/policy.24
SELinux: Could not downgrade policy file /etc/selinux/target/policy/policy.24, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/wr-strict/policy/policy.24: No such file or directory
/usr/sbin/load_policy: Can't load policy: No such file or directory
bash-3.2#
bash-3.2# /usr/sbin/load_policy -i
type=1404 audit(1888.016:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
libsepol.policydb_to_image: new policy image is invalid
libsepol.policydb_to_image: could not create policy image
SELinux: Could not downgrade policy file /etc/selinux/wr-strict/policy/policy.24, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/wr-strict/policy/policy.24: No such file or directory
/usr/sbin/load_policy: Can't load policy and enforcing mode requested: No such file or directory
bash-3.2#

The kernel I am using is 2.6.27. Why would the policy downgrading from 24 to 23 succeed on x86 boards but fail on PPC boards? Do I have to update the kernel to the latest 2.6.31? And is there anything special I must pay attention to when building SELinux policy for the PPC target?

Any comments are greatly appreciated, thanks a lot!

Harry