>From: fedora-list-bounces@xxxxxxxxxx >[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of James Wilkinson >Sent: Sunday, December 18, 2005 1:41 PM >To: For users of Fedora Core releases (E-mail) >Subject: Re: SELinux is screwing me up!!!! Help! > > >Daniel B. Thurman wrote: >> I believe all of my problems started because I had backup >> and restored my filesystem and and *somehow* all or some >> of the selinux attributes may have been messed up. Reading >> the selinux manual, it says that you can rebuild it by touching >> a file: /.autorelabel and reboot. I did that, and I still have >> the same problem as before - nothing has changed. I checked some >> of the file-permissions such as /bin/su and note that they are >> correct and other files and directory - so at first mini-check it >> all appears to be correct. The restore appears correct throughout >> on precursory checks. >> >> The following are problem I am having.... > >Calm down... I am... just wanted to make sure I provided all relevant information as possible. I am not certain what is the cause of the problem, but it *appears* to be SElinux from what I can see. This is of course an assumption on my part. > >You haven't yet proved that it is SELinux. Temporarily add selinux=0 to >your kernel command line. >http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825880 > >You do this through grub: when you're booting and grub displays it's >"choose a kernel" screen, press "e". Choose the line that starts with >"kernel", and type "e" to edit this line. At the end, add > selinux=0 >(making sure that there's a space between that and whatever came >before). > >Press Enter and "b" to boot the system. Now SELinux is disabled (this >once). Anything that still remains can't be SELinux's fault. Ok, I did this. Added selinux=0 to the kernel command line and rebooted. I was able to useradd a new user. I was NOT able to do that in selinux mode. > >> 1) I cannot login as a non-root user! I have 4 non-root >user accounts >> and yet I cannot log into any of them except as root! >> >> I get the following message when attempting to log in: >> >> ========================================== >> Your session lasted less than 10 seconds. If you have not >> logged out yourself, this could mean that there is some >> installation problem or that you may be out of diskspace. >> Try logging in with one of the failsafe sessions to see if >> you can fix this problem. >> >> [] View details (~/.xsession-errors file) >> ========================================== >> >> then I get kicked out of the login session. I still cannot log into the console as a non-root user, in selinux or non-selinux mode. See below about disk-space - I think I have plenty of diskspace - see below. > >I assume that you have, in fact, checked for disk space: try >the command >line >df -m I believe I have plenty of space - here is what I have as df goes: [root@linux ~]# df -m Filesystem 1M-blocks Used Available Use% Mounted on /dev/hda2 12207 8660 2928 75% / /dev/hda1 38 14 23 39% /boot /dev/hdb1 14081 467 12899 4% /app1 /dev/hdb2 14081 164 13203 2% /app2 /dev/hdb3 15127 4960 9400 35% /app3 /dev/shm 189 0 189 0% /dev/shm /dev/sda1 8622 33 8152 1% /fapp1 /dev/sdb1 8611 33 8141 1% /fapp2 [root@linux ~]# > >Try pressing Ctrl-Alt-F1 to get to a text-mode screen, and log in there >as a non-root user. I can log in as a normal user in selinux mode and non-selinux mode. So - this means that KDE/GNOME/X11 is a problem? I haven't changed anything in my original setup - so why this after a restore? > >Try running >tune2fs -l /dev/sdb1 | grep features >where sbd1 is your new filesystem: it may be that you haven't enabled >enough for SELinux. > >A mounted Fedora filesystem returns >Filesystem features: has_journal ext_attr resize_inode dir_index >filetype needs_recovery sparse_super large_file >You should worry if it hasn't got an "ext_attr". Hmmm... what does `needs_recovery' mean??? I got: tune2fs 1.38 (30-Jun-2005) Filesystem volume name: / Last mounted on: <not available> Filesystem UUID: 888b6827-2441-4270-90b6-b4b3e1f89765 Filesystem magic number: 0xEF53 Filesystem revision #: 1 (dynamic) Filesystem features: has_journal ext_attr resize_inode filetype needs_recovery sparse_super large_file Default mount options: (none) Filesystem state: clean Errors behavior: Continue Filesystem OS type: Linux Inode count: 1589248 Block count: 3174845 Reserved block count: 158742 Free blocks: 908087 Free inodes: 1263258 First block: 0 Block size: 4096 Fragment size: 4096 Reserved GDT blocks: 775 Blocks per group: 32768 Fragments per group: 32768 Inodes per group: 16384 Inode blocks per group: 512 Filesystem created: Thu Dec 15 11:20:42 2005 Last mount time: Sun Dec 18 15:54:44 2005 Last write time: Sun Dec 18 15:54:44 2005 Mount count: 2 Maximum mount count: 27 Last checked: Sun Dec 18 15:41:27 2005 Check interval: 15552000 (6 months) Next check after: Fri Jun 16 16:41:27 2006 Reserved blocks uid: 0 (user root) Reserved blocks gid: 0 (group root) First inode: 11 Inode size: 128 Journal inode: 8 First orphan inode: 753669 Default directory hash: tea Directory Hash Seed: 7d77144f-ef72-4b14-856a-99008e49afc1 Journal backup: inode blocks For your information, I ran in single-user mode the following command: /sbin/fixfiles -R -a restore Most went through, but there was a lot of files that did not get restored. > >You may find that tune2fs -O will let you add this: make sure >you've got >good backups, though. You may then need to run e2fsck. You shouldn't do >this on a mounted filesystem. > Should I do this step? >Hope this helps, > >James. > >-- >E-mail address: james | A woodpigeon would, If a woodpigeon could, >@westexe.demon.co.uk | But a woodpigeon can't, So it won't. > | A woodpigeon could, If a woodpigeon would, > | But a woodpigeon doesn't want to. So >it doesn't. > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.1/206 - Release Date: 12/16/2005
