Help with messed up F11 SELinux

Daniel J Walsh dwalsh at redhat.com
Mon Apr 26 15:11:00 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/26/2010 09:47 AM, Steve Blackwell wrote:
> On Mon, 26 Apr 2010 09:27:34 +0200
> Dominick Grift <domg472 at gmail.com> wrote:
> 
> 
>>>>> [root at steve ~]# fixfiles restore
>>>>> ********************/sbin/setfiles:  unable to stat file /home/steve/.gvfs: Permission denied
>>>>> /sbin/setfiles:  error while labeling /:  Permission denied
>>>>> /sbin/setfiles:  error while labeling /boot:  Permission denied
>>>>> /sbin/setfiles:  error while labeling /media/blah-blah:  Permission denied
>>>>
>>>> in /etc/selinux/config set "SELINUX=permissive"
>>>>
>>>> then do: touch /.autorelabel && reboot
>>>>
>>>
>>> OK, I did that and I still get these messages in /var/log/dmesg:
>>
>> If relabeling succeeded these issues should be fixed now.
>> You can check by listing: "ls -alZ /etc/rc.d/init.d/mysqld"
>>
>> if the type returned is mysqld_initrc_exec_t, then it's fixed
>> if the type returned is unlabeled_t, then something went wrong.
> 
> The type is mysqld_initrc_exec_t so it must be fixed. 
> Things have definitely improved. I'm not getting streams of AVCs any
> more when I open the services GUI. Thank you, Dominick!
> 
> I do still have one (so far) problem though. When I tried to point my
> browser at my local BackupPC server page I get an "Unable to Connect"
> message and an AVC:
> 
> Raw Audit Messages :
> node=steve.blackwell type=AVC msg=audit(1272289200.98:138): avc: denied
> { write } for pid=31707 comm="perl5.10.0" name="BackupPC.sock" dev=dm-0
> ino=36667496 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
> 
> node=steve.blackwell type=SYSCALL msg=audit(1272289200.98:138):
> arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfbd44e0
> a2=cfe4ac a3=9317008 items=0 ppid=2037 pid=31707 auid=4294967295 uid=48
> gid=48 euid=495 suid=495 fsuid=495 egid=48 sgid=48 fsgid=48 tty=(none)
> ses=4294967295 comm="perl5.10.0" exe="/usr/bin/perl5.10.0"
> subj=system_u:system_r:httpd_t:s0 key=(null)
> 
> Now I know I could change the context of that socket file but I'm
> guessing that it gets created every time and so that is not a permanent
> solution. Is there a boolean I need to set; nothing looked obvious or
> perhaps a BackupPC policy I need to install?
> 
> Thanks,
> Steve
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
What directory is the socket in?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvVrQQACgkQrlYvE4MpobP6yACguSMgFt9DYp/cQvFUxlIIANtZ
rrgAoNMyZUbItaC96e512IR1A0IIoZZk
=0S/U
-----END PGP SIGNATURE-----
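
Added example, not part of the original thread: a small Python parser that un-quotes the two audit records from the message above, joins them on their shared audit serial, and extracts the denial tuple (source type, target type, class, permission) together with the calling process details. The function and field names are this example's own, and the input is a copy of the quoted records embedded as a constructed sample.

```python
import errno
import re

# Constructed input: the two audit records quoted above, mail quoting and wraps intact.
QUOTED = """\
> node=steve.blackwell type=AVC msg=audit(1272289200.98:138): avc: denied
> { write } for pid=31707 comm="perl5.10.0" name="BackupPC.sock" dev=dm-0
> ino=36667496 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
>
> node=steve.blackwell type=SYSCALL msg=audit(1272289200.98:138):
> arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfbd44e0
> a2=cfe4ac a3=9317008 items=0 ppid=2037 pid=31707 auid=4294967295 uid=48
> gid=48 euid=495 suid=495 fsuid=495 egid=48 sgid=48 fsgid=48 tty=(none)
> ses=4294967295 comm="perl5.10.0" exe="/usr/bin/perl5.10.0"
> subj=system_u:system_r:httpd_t:s0 key=(null)
"""

START = re.compile(r"(node=\S+\s+)?type=\w+\s+msg=audit\(")
EVENT = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")

def records(text):
    """Strip '>' quoting and rejoin wrapped lines, one string per audit record."""
    out = []
    for line in text.splitlines():
        line = re.sub(r"^(\s*>)+", "", line).strip()
        if START.match(line):
            out.append(line)          # a new record begins here
        elif line and out:
            out[-1] += " " + line     # continuation of a wrapped record
    return out

def events(text):
    """Merge records that share an audit serial into one dict per event."""
    evs = {}
    for rec in records(text):
        serial = int(EVENT.search(rec).group(1))
        f = {k: v.strip('"') for k, v in KEYVAL.findall(rec)}
        ev = evs.setdefault(serial, {})
        if f["type"] == "AVC":
            result, perms = PERMS.search(rec).groups()
            ev.update(result=result, perms=perms.split(), tclass=f["tclass"],
                      name=f["name"], source=f["scontext"].split(":")[2],
                      target=f["tcontext"].split(":")[2])
        elif f["type"] == "SYSCALL":
            ev.update(exe=f["exe"], uid=int(f["uid"]), euid=int(f["euid"]),
                      error=errno.errorcode.get(-int(f["exit"]), f["exit"]))
    return evs
```

For this event the target type on the socket is var_log_t, and a newly created file takes its parent directory's type unless a type transition rule says otherwise, so the socket's directory is the next fact to establish.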

