On 8/2/06, David Desscan <ddesscan@xxxxxxxxx> wrote:
Hi David!I can't boot one of my FC4 system. I am getting the following error message and init can't start.audit(1154201702.315.303): avc :denied {search} for pid=748 comm="mingetty" name="/" dev tmpfs ino 504 scontext=system_u : system_r : getty_t tcontext=system_u: object_r : tmpfs_ tclass=dirINIT : Id 1 respawning too fast : disabled for 5 minsINIT : Id 3 respawning too fast : disabled for 5 minsINIT : Id 4 respawning too fast : disabled for 5 minsINIT : Id 6 respawning too fast : disabled for 5 minsINIT : Id 2 respawning too fast : disabled for 5 minsINIT : Id 5 respawning too fast : disabled for 5 minsINIT : no more processes left in this runlevel.I have commented the lines in inittab for mingetty and the error message changes to:INIT: cannot execute /etc/rc.d/rc.sysinitEntering runlevel 3cannot execute /etc/rc.d/rcINIT: no more processes left in this runlevelthe audit message id is incremented as well as the pid. ino 504, 505 but same mingetty error message. I have already checked file attributes for rc and rc.sysinit. It has not changed and is rwxr-xr-x. The INIT Id changes as well.Thanks for all help or reference to web sites for solutions.David
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Learning with you, not an expert!
I did find that AVC appears to be strongly associated, if not SElinux:
http://www.die.net/doc/linux/man/man3/avc_cache_stats.3.html
And is mentioned in at least one SElinux FAQ:
From : http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2826243
Q:
My application isn't working as expected and I am seeing avc: denied messages, how do I fix this?
A:
This message means that the current SELinux policy is not allowing the application to do something. There are a number of reasons this could happen.
First, one of the files the application is trying to access could be mislabeled. If the AVC message refers to a specific file, inspect its current label with ls -alZ /path/to/file. If it seems wrong, you could try using restorecon -v /path/to/file. If you have a large number of denials related to files, you may want to use fixfiles relabel, or run restorecon with the -R option to recursively relabel a directory path.
Other times, denials may be due to a configuration change in the program not being allowed by the policy. For example, if you change Apache to also listen on port 8800, this will require a change in the security policy, apache.te. See External Link List for more information about writing policy.
If you are having trouble getting a specific application like Apache to work, see How to use system-config-securitylevel for how to disable enforcement just for that application.
AVC may have to do with other things I am still googleing.
If I were you I would be looking at my policy file and turning off SElinux to see what is going on.
I hope this helps!
Good Hunting!
Tod