Help with messed up F11 SELinux

Daniel J Walsh dwalsh at redhat.com
Mon Apr 26 12:45:28 UTC 2010


On 04/25/2010 06:35 PM, Steve Blackwell wrote:
> On Sun, 25 Apr 2010 20:32:53 +0200
> Dominick Grift <domg472 at gmail.com> wrote:
> 
> 
>>>>
>>>> Please try to run fixfiles restore as root in permissive mode.
>>>
>>> The previous attempt was as root and in permissive mode. I tried
>>> again:
>>>
>>> [root at steve ~]# id
>>> uid=0(root) gid=0(root)
>>> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
>>> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>>
>>> [root at steve ~]# sestatus 
>>> SELinux status:                 enabled
>>> SELinuxfs mount:                /selinux 
>>> Current mode:                   permissive 
>>> Mode from config file:          disabled 
>>> Policy version:                 24 
>>> Policy from config file:        targeted 
>>>
>>> [root at steve ~]# fixfiles restore
>>> ********************/sbin/setfiles:  unable to stat file /home/steve/.gvfs: Permission denied
>>> /sbin/setfiles:  error while labeling /:  Permission denied
>>> /sbin/setfiles:  error while labeling /boot:  Permission denied
>>> /sbin/setfiles:  error while labeling /media/blah-blah:  Permission denied
>>
>> in /etc/selinux/config set "SELINUX=permissive"
>>
>> then do: touch /.autorelabel && reboot
>>
> 
> OK, I did that and I still get these messages in /var/log/dmesg:
> 
> SELinux:  Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:automount_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:apcupsd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:squid_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:soundd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped).
> 
> 
>> once rebooted change SELINUX=permissive back to SELINUX=enforcing
>> and setenforce 1
> 
> I have always been running in permissive mode because of the issues
> I've been experiencing but I'll try it and see how it goes.
> 
> Thanks,
> Steve

Steve, let's make sure you have a good selinux-policy-targeted install.

# yum reinstall selinux-policy-targeted

Make sure nothing blows up.

Then execute

# fixfiles restore

You should also see no errors.

One last thing would be what file systems are you using? ext3?
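To check whether the reinstall and relabel suggested above cleared the "left unmapped" messages, the kernel log can be reduced to the distinct types it still reports. This is an added example, not part of the original thread; the function names and the sample lines are constructed for illustration, modelled on the dmesg output quoted in the message.

```shell
#!/bin/sh
# Added example: summarise "Context ... is not valid (left unmapped)" lines
# from dmesg-style text. Function names here are hypothetical helpers.

# Constructed sample input, modelled on the messages quoted in the thread
# (one duplicate, one timestamped line, one unrelated kernel line).
sample_dmesg() {
cat <<'EOF'
SELinux:  Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped).
SELinux:  Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped).
[   12.345678] SELinux:  Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped).
EXT3-fs: mounted filesystem with ordered data mode.
EOF
}

# unmapped_types: read kernel log text on stdin and print each distinct
# type (third field of user:role:type:level) reported as left unmapped.
unmapped_types() {
    sed -n 's/.*SELinux: *Context \([^ ]*\) is not valid (left unmapped).*/\1/p' |
        awk -F: '{ print $3 }' |
        sort -u
}

# count_unmapped: number of distinct unmapped types found on stdin.
# A result of 0 after "fixfiles restore" and a reboot means no file
# carried a label that the kernel reported as invalid.
count_unmapped() {
    unmapped_types | wc -l | tr -d ' '
}

# With a file argument (e.g. a saved copy of /var/log/dmesg) read that file;
# otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then
    unmapped_types < "$1"
else
    sample_dmesg | unmapped_types
fi
```

On a live system the same functions can be fed directly, for example `dmesg | count_unmapped`, before and after the relabel.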

