On Thu, 2007-09-20 at 16:29 +0000, Beartooth wrote:
> On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote:
> >
> > It shouldn't cause any trouble if you set to permissive mode. Can you
> > explain what problems you are having?
>
> I've just recently deleted a bunch of its incomprehensible
> reportage from the machine I'm on at the moment; this has come in since
> (with my apologies for what c&p does to the formatting) :
>
> Summary
> SELinux is preventing semodule (semanage_t) "getattr" to / (fs_t).
>
> Detailed Description
> SELinux denied access requested by semodule.
> It is not expected that this access is required by semodule and this
> access may signal an intrusion attempt. It is also possible that the
> specific version or configuration of the application is causing it to
> require additional access.
>
> Allowing Access
> You can generate a local policy module to allow this access - see FAQ
> Or you can disable SELinux protection altogether.
> Disabling SELinux protection is not recommended.
> Please file a bug report against this package.
>
> Additional Information
> Source Context: user_u:system_r:semanage_t
> Target Context: system_u:object_r:fs_t
> Target Objects: / [ filesystem ]
> Affected RPM Packages: filesystem-2.4.6-1.fc7 [target]
> Policy RPM: selinux-policy-2.6.4-38.fc7
> Selinux Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Permissive
> Plugin Name: plugins.catchall
> Host Name: localhost.localdomain
> Platform: Linux localhost.localdomain 2.6.22.4-65.fc7 #1 SMP Tue Aug 21
> 22:36:56 EDT 2007 i686 athlon
> Alert Count: 1
> First Seen: Wed 05 Sep 2007 09:37:21 AM EDT
> Last Seen: Wed 05 Sep 2007 09:37:21 AM EDT
> Local ID: fb994b74-5944-49d4-836b-f9011476aec6
> Line Numbers:
> Raw Audit Messages :
> avc: denied { getattr } for comm="semodule" dev=dm-0 name="/" pid=28412
> scontext=user_u:system_r:semanage_t:s0 tclass=filesystem
> tcontext=system_u:object_r:fs_t:s0
>
> Quite commonly, along with all the stuff that would take me
> years of study (years I don't have) to understand, I get either a
> recommendation to run some command ending in "reboot," which is very
> tiresome to do, and also takes inordinate time. Or else it asks for a bug
> report, which I am not competent to write, nor do I have time for it.

It's not that hard--all the information you need is in the report above.
And if you do report it, it will get fixed and save you and others grief
in the future. Once you've done it once, it's not too terribly difficult
or time consuming.

>
> > Run the following command as root to verify the mode
> >
> > # getenforce
>
> I get this, on all three machines that live on my desk :
>
> [root@localhost ~]# getenforce
> Permissive
> [root@localhost ~]#
>
> > > Can I just command "yum remove selinux"?
> >
> > SELinux is not a single package. You can remove the policy files but the
> > SELinux library is used by many core packages and cannot be removed
> > easily. See previous discussions in this list in the archives for more
> > details.
>
> More details? I'm already drowning in details meaningless to me!
>
-- 
Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
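
The raw audit message in the quoted report carries the fields the reply says a bug report needs. The following is an added example, not part of the original thread, that pulls them out of that AVC line in Python; the function names are illustrative, and the allow rule shows the form a local policy module for this denial would take.

```python
import re
import shlex

# Raw audit message as quoted in the report above (wrapped lines rejoined).
RAW_AVC = (
    'avc: denied { getattr } for comm="semodule" dev=dm-0 name="/" pid=28412 '
    'scontext=user_u:system_r:semanage_t:s0 tclass=filesystem '
    'tcontext=system_u:object_r:fs_t:s0'
)
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts + [None]))

def parse_avc(line):
    """Return the decision, permissions and key=value fields of one AVC line."""
    match = AVC_RE.search(line)
    if match is None:
        raise ValueError("no AVC record found")
    result, perms, rest = match.groups()
    # shlex strips the quotes around values such as comm="semodule"
    fields = dict(tok.split("=", 1) for tok in shlex.split(rest) if "=" in tok)
    missing = {"scontext", "tcontext", "tclass"} - fields.keys()
    if missing:
        raise ValueError(f"AVC record lacks {sorted(missing)}")
    return {"result": result, "perms": perms.split(), "fields": fields,
            "source": split_context(fields["scontext"]),
            "target": split_context(fields["tcontext"])}

def bug_summary(avc):
    """One-line summary in the same shape as the report's own Summary line."""
    f = avc["fields"]
    obj = f.get("path") or f.get("name") or "<unknown object>"
    return (f'SELinux is preventing {f.get("comm", "<unknown>")} '
            f'({avc["source"]["type"]}) "{" ".join(avc["perms"])}" '
            f'to {obj} ({avc["target"]["type"]}).')

def allow_rule(avc):
    """Type-enforcement rule a local policy module would need for this denial."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return (f'allow {avc["source"]["type"]} {avc["target"]["type"]}:'
            f'{avc["fields"]["tclass"]} {perm_text};')

if __name__ == "__main__":
    avc = parse_avc(RAW_AVC)
    print(bug_summary(avc), allow_rule(avc), sep="\n")
```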