On Thu, 2007-03-15 at 16:58 +0000, Jonathan Underwood wrote:
> On 15/03/07, Peter Smith <peter.smith@xxxxxxxxxxxxxxxxxx> wrote:
> > Did you go through the correct procedure to kick off the relabel?
> > Creating the specially named file at the top of the root filesystem? If
> > it is relabelling, it will state that it is doing so at boot. It will
> > be quite obvious. You can look at the startup scripts in /etc/rc.d/ to
> > see what makes it happen (rc.local, rc.sysinit, rc).
>
> Yes, I did all the correct things to trigger the relabel - i.e. in
> system-config-securitylevel turned SELinux back to targeted, checked
> that /.autorelabel file was there. The spew of error messages, avc
> permission denied type things happen during the relabel. Prior to that
> happening, I did notice something about not being able to mount /tmp,
> but it flew off the screen too fast.
>
> Anyway, to fix the problem I did this:
> 1) fixfiles -f relabel
> 2) touch /.autorelabel
> 3) reboot
>
> And all was well again. I realize that there's redundancy there, but
> 1) allowed 2) to happen cleanly. What the problem was remains a
> mystery though.

It may have encountered a denial before it reached or completed
filesystem relabeling. Next time, boot with "enforcing=0" on that
initial relabel to make sure that it can successfully reach and complete
the filesystem relabeling, then switch to enforcing mode.

--
Stephen Smalley
National Security Agency