Help with messed up F11 SELinux
Dominick Grift
domg472 at gmail.com
Mon Apr 26 07:27:34 UTC 2010
On Sun, Apr 25, 2010 at 06:35:57PM -0400, Steve Blackwell wrote:
> On Sun, 25 Apr 2010 20:32:53 +0200
> Dominick Grift <domg472 at gmail.com> wrote:
>
>
> > > >
> > > > Please try to run fixfiles restore as root in permissive mode.
> > >
> > > The previous attempt was as root and in permissive mode. I tried
> > > again:
> > >
> > > [root at steve ~]# id
> > > uid=0(root) gid=0(root)
> > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > >
> > > [root at steve ~]# sestatus
> > > SELinux status: enabled
> > > SELinuxfs mount: /selinux
> > > Current mode: permissive
> > > Mode from config file: disabled
> > > Policy version: 24
> > > Policy from config file: targeted
> > >
> > > [root at steve ~]# fixfiles
> > > restore ********************/sbin/setfiles: unable to stat
> > > file /home/steve/.gvfs: Permission denied
> > > /sbin/setfiles: error while labeling /: Permission
> > > denied
> > > /sbin/setfiles: error while labeling /boot: Permission
> > > denied
> > > /sbin/setfiles: error while
> > > labeling /media/blah-blah: Permission denied
> >
> > in /etc/selinux/config set "SELINUX=permissive"
> >
> > then do: touch /.autorelabel && reboot
> >
>
> OK, I did that and I still get these messages in /var/log/dmesg:
If relabeling succeeded these issues should be fixed now.
You can check by listing: "ls -alZ /etc/rc.d/init.d/mysqld"
if the type returned is mysqld_initrc_exec_t, then its fixed
if the type returned is unlabeled_t, then something went wrong.
>
> SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:automount_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:apcupsd_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:squid_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:soundd_script_exec_t:s0 is not
> valid (left unmapped).
> SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid
> (left unmapped).
> SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is
> not valid (left unmapped).
>
>
> > once rebooted change SELINUX=permissive back to SELINUX=enforcing
> > and setenforce 1
>
> I have always been running in permissive mode because of the issues
> I've benn experiencing but I'll try it and see how it goes.
>
> Thanks,
> Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100426/be9a315a/attachment.bin
More information about the selinux
mailing list