[Clip] Applied CLIP to fresh RHEL 5.3; network won't start
Brandon Whalen
bwhalen at tresys.com
Mon Aug 10 21:13:45 CDT 2009
On 8/6/09 7:39 PM, "Eric Gearhart" <eric at nixwizard.net> wrote:
> On Thu, Aug 6, 2009 at 2:42 PM, Christopher J.
> PeBenito<cpebenito at tresys.com> wrote:
>> No, network_conf_t is the expected label on /etc/sysconfig/network for a
>> CLIP system. Can you send the actual audit log? The raw messages have
>> additional info which can help us piece together whats happening.
>
> OK here's a complete, huge audit.log - I cleared out audit.log (just
> 'echo > audit.log'), did 'service network restart' and here's the
> resulting audit.log. Note that SELinux was in permissive mode during
> all this... let me know if it should be in enforcing. Note the
> network-functions errors and whatnot...
>
> Eric
I looked into the issues you are having and believe I have resolved them.
The first problem is that CLIP does not allow the system administrator
(sysadm) to start daemons directly so 'service network [start|stop|restart]'
will always fail. The correct call is 'run_init /etc/init.d/network
[start|stop|restart]' This will cause a transition into the correct init
domain and launch the network properly. There were some policy issues
concerning reading the network configuration files that I resolved. You can
find the details of my fixes looking at the svn checkins at [1]. I have
updated the yum repository so that any new builds should install the updated
policy allowing you to start the network in enforcing. If you find you have
any problems please let me know.
[1] http://oss.tresys.com/projects/clip/log/trunk/RHEL5.3
> _______________________________________________
> Clip mailing list
> Clip at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/clip
Brandon Whalen
Linux Solutions Practice
Tresys Technology
8840 Stanford Boulevard, Suite 2100
Columbia, MD 21045
Phone: +1 410 290-1411 x147
FAX: +1 410 953-0494
bwhalen at tresys.com | www.tresys.com
More information about the Clip
mailing list