How set SELinux right on FC3 after upgrade?

[rhoekstra]

Hi,

I upgraded from FC2 to FC3 on my laptop and for sake of testing I wanted to enable SELinux, as I hadn't enabled it on FC2. The reason for not enabling it on FC2 is that I am using ReiserFS.

I saw FC3 DOES support SELinux on Reiserfs (doing a ls -Z on / does show me all roles, that made me conclude it is working now).

Though, when I enabled SELinux (permissive), I saw bunch of audits in my log files, so I did a setfiles relabel. (strict policies, not to make it easy on myself ).

on http://www.hoekstra.nu/~robert/denied.txt there is a list of audits from boot time until just after I logged on. It shows both denial in dmesg as in /var/log/messages. Is there something I am doing wrong when enabling selinux?

The laptop is prety much out-of-the-box installed FC2 upgraded to FC3. At least init shouldn't get denial audits I would say?

Any help appreciated.

[rhoekstra]

Additionally, I get this when I try to relabel the system from the policy/src directory, I get the following output:

/usr/sbin/setfiles file_contexts/file_contexts `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs|reiserfs).*rw/{print $3}';`
/usr/sbin/setfiles: read 1499 specifications
/usr/sbin/setfiles: labeling files under /
/etc/selinux: Input/output error
/usr/sbin/setfiles: unable to obtain attribute for file /etc/selinux
/usr/sbin/setfiles: error while labeling files under /
make: *** [relabel] Error 1

This is logged in /var/log/messages:
kernel: ReiserFS: hda4: warning: Invalid hash for xattr (security.selinux) associated with [13 193324 0x0 SD]

This id '193324 0x0 SD' appears to be the directory /etc/selinux, and when trying:
setfattr -x security.selinux /etc/selinux/

I get 'permission denied'.

[Jman]

All I know is that the SELinux tab of the Security Level tool helps configure SELinux without resorting to the command line.