Daniel J Walsh
dwalsh at redhat.com
Fri Feb 8 13:41:03 UTC 2008
Terry - Fedora Core wrote:
> As I reported on another thread, SELinux has caused me trouble and
> blocked access to my hard disks.
> To solve the problem, I set SELinux to "permissive" mode. Am I positive
> that SELinux caused the problem of not being able to access the hard disks?
> No. But then when I set SELinux to permissive mode the problem
> disappeared. Not proof, but very strong evidence.
> My question:
> Should I enable SELinux again?
> What do I gain if I do?
> Will the gain be greater than the loss of accessing my computer hard disks?
> And if I do, how do I try to prevent it from locking me out of the hard
> disks again?
> How do I determine what caused SELinux to block access, how much trouble
> is it to change SELinux to prevent it from doing that again?
> Your insights are appreciated.
Look for error messages in /var/log/audit/audit.log. Install
setroubleshoot; it will tell you when SELinux is complaining about
something and attempt to give you a way to fix it.
Most likely the disk you are having problems with is not labeled
correctly. SELinux relies on extended attributes containing labels for
every file on the system. If a file does not have a label, the kernel
says the label is file_t and no confined domains can use the file. You
can either label the disk, by executing a command like
    restorecon -R -v PATHTODISK
Or you can fully relabel the entire system using
    touch /.autorelabel; reboot
Or if you do not want to label the disk you can use the mount
command/fstab entry to put a single label for the entire file system.
    mount -o context="system_u:object_r:default_t:s0" DISK MOUNTPOINT
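Added example, not part of the original message: a small filter that picks out of audit records the AVC denials whose target type is file_t, the unlabeled-file case the reply describes, and counts them per device, process and object class. The function names `sample_log` and `unlabeled_denials` are hypothetical, and the log records are constructed for illustration.

```shell
#!/bin/sh
# Constructed audit records (not from a real system): three denials on
# unlabeled (file_t) targets, one denial on a labeled target, one non-AVC record.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1202478001.101:41): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" dev=sdb1 ino=12 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1202478002.202:42): avc:  denied  { getattr } for  pid=2301 comm="httpd" name="logo.png" dev=sdb1 ino=13 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1202478003.303:43): avc:  denied  { search } for  pid=2410 comm="smbd" name="share" dev=sdb1 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1202478004.404:44): avc:  denied  { write } for  pid=2301 comm="httpd" name="app.cfg" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1202478004.404:44): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
EOF
}

# Read audit records on stdin. For every AVC denial whose target context
# has type file_t, print "COUNT DEV COMM TCLASS", sorted by device and process.
unlabeled_denials() {
    awk '
    $1 == "type=AVC" && /denied/ {
        dev = comm = tclass = ttype = "?"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue              # tokens such as "avc:" or "{"
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)                 # comm="httpd" -> httpd
            if (key == "dev") dev = val
            else if (key == "comm") comm = val
            else if (key == "tclass") tclass = val
            else if (key == "tcontext") {      # user:role:type:level
                split(val, c, ":")
                ttype = c[3]
            }
        }
        if (ttype == "file_t") count[dev " " comm " " tclass]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2
}

# Demonstration on the constructed records above.
sample_log | unlabeled_denials
```

On a real system, run it as root with `unlabeled_denials < /var/log/audit/audit.log`; each device it reports is a candidate for the relabeling or context-mount options in the message above.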