selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: Policy is not managed or store cannot be accessed

Re: Policy is not managed or store cannot be accessed

From: AlannY <m_at_nospam>
Date: Thu Jan 21 2010 - 14:17:17 GMT
To: Stephen Smalley <>

On Thu, Jan 21, 2010 at 08:29:07AM -0500, Stephen Smalley wrote:
> So /sbin/init never transitioned from kernel_t to init_t and thus none
> of your processes are in the right security context.
> In order for this to happen, one of two things is required:
> 1) Your /sbin/init program needs the selinux patch to load policy and
> then re-exec itself into the right security context, or
> 2) Your initramfs init script needs to load policy (e.g. chroot
> $NEWROOT /usr/sbin/load_policy -i) before running the real init program.
> #1 was the original approach in Fedora; #2 is the current approach in
> Fedora and Ubuntu.

Ok, I'll try to modify initramfs.

> > File contexts:
> > Controlling term: system_u:object_r:ramfs_t
> This is interesting - why is your tty on a ramfs image?

I don't know ;-( It was by default. What can I do to change it? -- )\._.,--....,'``. /, _.. \ _\ (`._ ,. `._.-(,_..'--(,_..'`-.;.' -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.