Re: SELinux Reset

Friday, 7 August 2009

On Thu, 2009-08-06 at 15:21 -0700, Peter Joseph wrote:
...
 While experimenting with SELinux, I finally managed to lock myself
out of the
 system.  The only way to get back in, I had to add "selinux=0" to the end of
 the kernel line.
 Now, if I run in a permissive mode the following message appears when I try
 to log in:

 "Could not connect to session bus: An SELinux policy prevents this sender
 from sending this message to this recipient (rejected message had sender
 "(unset)" interface "org.freedesktop.DBus" member "Hello"
error name
 "(unset)" destination "org.freedesktop.DBus)."

 I am forced to go back to the grub prompt and disable SELinux again, in
 order to get in.  What is the best way to reset SEL to its original state? 
Boot with enforcing=0 to come up in permissive mode (i.e. stay enabled,
log any denials that would occur, but don't enforce them).

Then look for avc denial messages in /var/log/messages
or /var/log/audit/audit.log.  Those will help indicate what it is going
wrong and what needs to be fixed.

-- 
Stephen Smalley
National Security Agency

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: SELinux Reset