Jonathan Underwood wrote:
On 15/03/07, Peter Smith <peter.smith@xxxxxxxxxxxxxxxxxx> wrote:
Did you go through the correct procedure to kick off the relabel?
Creating the specially named file at the top of the root filesystem? If
it is relabelling, it will state that it is doing so at boot. It will
be quite obvious. You can look at the startup scripts in /etc/rc.d/ to
see what makes it happen (rc.local, rc.sysinit, rc).
Yes, I did all the correct things to trigger the relabel - i.e. in
system-config-securitylevel turned SElinux back to targeted, checked
that /.autorelabel file was there. The spew of error messages, avc
permission denied type things happen during the relabel. Prior to that
happening, I did notice something about not being able to mount /tmp,
but it flew off the screen too fast.
Anyway, to fix the problem I did this:
1) fixfiles -f relabel
2) touch /.autorelabel
3) reboot
And all was well again. I realize that there's redundancy there, but
1) allowed 2) to happen cleanly. What the problem was re3mains a
mystery though.
You should only need to do a
touch /.autorelabe; reboot
If the machine is badly mislabeled or never been labeled you might need
to do this in permissive mode. (enforcing=0) on the boot line. You can
turn it back to enforcing with selinux=1
