selinux is a pain
Rick Sewill
rsewill at gmail.com
Tue Sep 20 17:25:26 UTC 2011
On Tuesday, September 20, 2011 10:30:38 AM Tim wrote:
> On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> > I reinstalled (better hardware) a server and had selinux enabled (was
> > disabled before), and I'm starting to see why so many people don't use
> > selinux.
>
> Let's clarify what you've written... You are, now, trying to run a
> system with SELinux enabled, that was previously running with it
> disabled. The same files on the drive, just changing the SELinux
> setting. Is that right?
>
> If so, no wonder you're having grief. While SELinux was off, your
> system was writing files without setting any SELinux contexts. So,
> those files are just default files. Now that SELinux is on, there are no
> contexts written in the file attributes that would tell SELinux to allow
> access, so the default (for safety) action is to disallow it.
>
If the above is his problem, has he tried creating /.autorelabel and rebooting?
Please see "man selinux",
"The best way to relabel the file system is to create the flag file
/.autorelabel and reboot. system-config-securitylevel, also has this
capability. The restorecon/fixfiles commands are also available for relabeling
files."
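
Added example, not part of the original message: a shell filter that lists which files carry no usable SELinux label before the relabel described above is scheduled. The function names and sample paths are constructed for illustration. It assumes that never-labeled files show up with type file_t or unlabeled_t, and that stat prints "?" when a file has no context.

```shell
#!/bin/sh
# Input: lines of "<context> <path>", as printed by: stat -c '%C %n' FILE...
# Assumption: file_t / unlabeled_t are the types reported for files that
# were written while SELinux was disabled; "?" means no context at all.

unlabeled_paths() {
    while read -r context path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        case "$context" in
            \?) printf '%s\n' "$path"; continue ;;
        esac
        # A context is user:role:type[:level]; the type is the third field.
        setype=$(printf '%s' "$context" | cut -d: -f3)
        case "$setype" in
            file_t|unlabeled_t) printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample input (not taken from a real host).
sample_stat_output() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
system_u:object_r:file_t:s0 /var/www/html/upload.php
system_u:object_r:unlabeled_t:s0 /srv/data/report.csv
system_u:object_r:etc_t:s0 /etc/hosts
? /mnt/old/notes.txt
EOF
}

# Demonstration on the constructed sample.
sample_stat_output | unlabeled_paths

# On a real host, as root, feed it live data and then schedule the relabel:
#   find / -xdev -exec stat -c '%C %n' {} + | unlabeled_paths
#   touch /.autorelabel && reboot
```

A long list from the live run supports the diagnosis in the quoted text; an empty list suggests the denials come from something other than missing labels.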