Re: SELinux Attack!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I have learned a lot about SELinux in the past week. It turns out the simple fix is to just turn it off. But it is possible I have learned to live with SELinux turned full on and what to do if there is trouble.

This all started when I had to turn on SELinux to use a device, so I did and there was no problem. So I left it turned on. Then one morning I turned on my computer and instead of booting clear up in just one minute, it stopped when init tried to turn on "cups". It stayed there for 10 minutes! My thoughts were, how did I screw up the file system so bad? So turned off the boot and booted up in the rescue mode from a CD, and did #fsck /dev/sdb5 and it said there is nothing wrong.

So booted up again and took a long walk. When I got back it had booted clear up but not everything worked. Here now is where I panicked because it was up but not well, and I knew nothing to do to fix my computer, and could not even send an email. So I left it "up" and went shopping for about 90 minutes. When I got home it seemed to be working fine and even Thunderbird was working.

I wrote to this list and learned that this will correct a selinux label problem:

/.autorelabel and then reboot

This is in man selinux so when next it takes hours to boot up you can relabel your computer and be back in business, I did this and things went back to normal.

So now that I know what to do the next time we get a selinux upgrade. I checked and sure enough when I turned on selinux the next day there was an update. So right now I will set up to use SELinux in it's safest mode and continue to use it unless it becomes a purple plague.




--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux