Tony Nelson wrote:
At 9:27 PM -0500 5/4/06, Gene Heskett wrote:
Gene Heskett wrote:
Gene Heskett wrote:
Paul Howarth wrote:
I'd suggest relabelling the system before trying anything else. This
will take a long time so schedule it at an appropriate time.
Set SELinux to permissive mode, reboot, and in the grub menu add
"autorelabel" to the end of the "kernel" line.
After rebooting you can change SELinux back to enforcing mode if
that's the setting you had before.
That will probably fix most of the AVC issues you're seeing.
Paul.
Ok, that's next; I can answer the rest of this mail after that's done.
Thanks :)
Unforch, the append on the kernel line of grub.conf did nothing, so I
read the manpage again, and "touch /.autorelabel" is the magic spell.
Back in a bit...
Except that 4 reboots later I have not succeeded in getting the relabel
to work. I've tried SELINUX=disabled and SELINUX=permissive in
/etc/selinux/config while leaving the SELINUXTYPE=targeted setting.
So what actually is the magic incantation that will make this work?
touch /.autorelabel
reboot
edit grub command line, appending "enforcing=0"
continue booting
wait
SELinux must be active but not enforcing for it to relabel.
Ah, that might explain some of it, I thought it had to be disabled.
I've now done an init 1, and invoked that command, which did take a
while, 10 minutes or so.
Then I re-enabled selinux and rebooted. Got a huge amount of those
warnings, 2-3 times more than before. And I spotted this near the end
of the dmesg:
May 4 02:49:09 diablo kernel: md: Autodetecting RAID arrays.
May 4 02:49:09 diablo kernel: md: autorun ...
May 4 02:49:10 diablo kernel: md: ... autorun DONE.
audit(1146799877.012:325): avc: denied { read } for pid=2528 comm="restorecon" name="config" dev=hda5 ino=12898524 scontext=root:system_r:restorecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
So I tried, in runlevel 3, restorecon -n /, and got this:
audit(1146799877.012:325): avc: denied { read } for pid=2528 comm="restorecon" name="config" dev=hda5 ino=12898524 scontext=root:system_r:restorecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
So what's wrong, and how did I arrive at this condition?
____________________________________________________________________
TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
' <http://www.georgeanelson.com/>
--
Cheers, Gene
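As an added example, not part of the thread above and not code from either poster: a small POSIX shell helper that wraps the two things the exchange turns on. First, the /.autorelabel marker only does anything when SELinux is active (permissive or enforcing) at the next boot, so `schedule_relabel` reads the SELINUX= line from an /etc/selinux/config-style file and refuses to create the marker when it says disabled. Second, it pulls the fields out of an AVC record like the one Gene pasted, so you can see that the target type is file_t, which is the type a file carries when it has no label at all; that is the signature of a filesystem that still needs relabelling rather than of a policy bug. The function names, the ROOT prefix argument and the scratch-directory usage are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: helpers around the
# relabel procedure discussed above. ROOT is a path prefix (empty for the
# live system) so the functions can be tried against a scratch directory
# without touching /.

# Print the SELINUX= mode from an /etc/selinux/config-style file
# (enforcing, permissive, disabled) or "unknown" if it cannot be read.
selinux_config_mode() {
    cfg="${1:-/etc/selinux/config}"
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg" 2>/dev/null | tail -n 1)
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) printf 'unknown\n' ;;
    esac
}

# A relabel at boot needs the policy loaded: SELINUX must not be disabled.
relabel_possible() {
    case "$(selinux_config_mode "$1")" in
        enforcing|permissive) return 0 ;;
        *) return 1 ;;
    esac
}

# Create ROOT/.autorelabel only when the relabel can actually run; with
# SELINUX=disabled the marker would just sit there and nothing happens.
schedule_relabel() {
    root="${1:-}"
    cfg="${2:-$root/etc/selinux/config}"
    if ! relabel_possible "$cfg"; then
        printf 'refusing: SELINUX=%s in %s; set it to permissive first\n' \
            "$(selinux_config_mode "$cfg")" "$cfg" >&2
        return 1
    fi
    touch "$root/.autorelabel"
}

# The denial record quoted in the thread, joined onto one line.
AVC_SAMPLE='audit(1146799877.012:325): avc: denied { read } for pid=2528 comm="restorecon" name="config" dev=hda5 ino=12898524 scontext=root:system_r:restorecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file'

# Pull one key=value field (pid, comm, name, scontext, tcontext, tclass)
# out of an AVC record, stripping the quotes some fields carry.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# Type component (third field) of a user:role:type[:level] context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# file_t is the type a file gets when it has no label at all, so a denial
# against it points at missing labels (fix by relabelling), not at policy.
avc_explain() {
    ttype=$(context_type "$(avc_field "$1" tcontext)")
    case "$ttype" in
        file_t|unlabeled_t) printf 'unlabeled target (%s): relabel needed\n' "$ttype" ;;
        *) printf 'labeled target (%s): look at policy/booleans\n' "$ttype" ;;
    esac
}

# Usage on the live system (as root):
#   schedule_relabel && reboot     # then append enforcing=0 at the grub prompt
#   avc_explain "$AVC_SAMPLE"      # -> unlabeled target (file_t): relabel needed
```

Running `schedule_relabel` with SELINUX=disabled in the config is exactly the situation Gene hit: the marker gets created, the boot does nothing with it, and it looks as if autorelabel is broken. Switching the config to permissive (or booting with `enforcing=0` as Tony suggested) is what lets the relabel run, after which the remaining denials should no longer be against file_t targets.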