On Fri, 2007-12-07 at 11:12 -0800, Daniel B. Thurman wrote:
> Daniel B. Thurman wrote:
>
> >Sent: Thursday, December 06, 2007 7:31 PM
> >To: Fedora-List (E-mail)
> >Subject: Best way to copy /usr to different partition?
> >
> >I was getting dangerously close to running out of disk space
> >since /usr was filling up fast.
> >
> >I thought it was simple to tar-copy /usr to a different drive/partiton
> >using tar copy such as:
> >
> >(cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -)
> >
> >I tar copied the contents of /usr into my new drive/partition
> >and I changed the partition label to /usr, updated my
> >/etc/fstab file, renamed my /usr to /usr-b, created
> >an empty directory /usr, chmod it to 775, mounted
> >/usr - and it all looked fine. I then unmounted /usr,
> >and then rebooted.
> >
> >The reboot reported that there was a problem with
> >the two library files: somelibfile.so.1 and somelibfile.so.2
> >and then gnome came up with user/password screen.
> >
> >I logged in as a normal user, and after that point, I a
> >black screen came up with the gnome-X-cursor and
> >then stopped. Nothing worked at this point.
> >
> >I then rebooted using rescue CD, and examined the
> >messages log file and it appears that selinux reported
> >all sorts of AVC denied over /usr and other non-system
> >mounted filesystems.
> >
> >Clearly, it seems that selinux is having problems.
> >
> >I suppose I can reboot setting the selinux = 0 and then
> >begin the task of somehow repairing selinux tags in all
> >of my files? Does this make any sense?
> >
> >Anyone have a better solution?
> >
> >I could reverse the /usr process and get rename /usr-b
> >and comment out the /usr from my fstab, but I wanted
> >some input from member in this forum before attempting
> >to do that - I would end up back to my original disk-space
> >problem.
> >
> >Any advice?
> >
>
> Ok, I have booted into rescue CD, and performed these steps:
>
> 1) (cd /usr-b; tar -cp --xattrs -f - .) | (cd /usr; tar -xp -xattrs -f -)
> 2) touch /.relabel
That should be 'touch /.autorelabel'.
Or pass 'autorelabel' as an argument on the kernel command line at boot.
> 3) reboot
>
> And I was able to get back into GDM and to log in as a normal
> user using the login screen, however the boot processes did
> report errors and the messages log as well:
>
> 1) restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf)
> 2) SELINUX: avc denied {search } comm="ifconfig" name="lib" (7 times)
> 3) SELINUX: avc denied {read} comm="mount" name="locale-archive"
> 4) SELINUX: avc denied {read} comm="mount" name="locale-alias"
> 5) SELINUX: avc denied {search} comm="dmesg" name="lib" (7 times)
> 6) SELINUX: avc denied {search} comm="dmesg" name="share"
> 7) SELINUX: avc denied {search} comm="kudzu" name="lib" (7 times)
> 8) SELINUX: avc denied {search} comm="kudzu" name="share" (5 times)
> 9) SELINUX: avc denied {search} comm="arping" name="lib" (16 times)
> 10) SELINUX: avc denied {getattr} comm="arping" name="/usr/lib"
> 11) arping: libsysfs.so.1 and libsysfs.so.2
>
> Note: most of these files have default_t assigned to these files... and
> it says that for "arping", it needs to have netutils_t assigned.
>
> It seems to me, that the only files I need to worry about are the above
> libsysfs.so.1/2 needs to be relabeled and I am not sure what to do about
> the /etc/resolv.conf file.
>
> Can anyone advise what I can do at this point?
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date: 12/6/2007 11:15 PM
>
>
--
Stephen Smalley
National Security Agency
