On Thu, 2009-08-06 at 15:21 -0700, Peter Joseph wrote:
While experimenting with SELinux, I finally managed to lock myself out of the
system. The only way to get back in was to add "selinux=0" to the end of
the kernel line.
Now, if I run in permissive mode, the following message appears when I try
to log in:
"Could not connect to session bus: An SELinux policy prevents this sender
from sending this message to this recipient (rejected message had sender
"(unset)" interface "org.freedesktop.DBus" member "Hello" error name
"(unset)" destination "org.freedesktop.DBus)."
I am forced to go back to the grub prompt and disable SELinux again in
order to get in. What is the best way to reset SEL to its original state?

Boot with enforcing=0 to come up in permissive mode (i.e. stay enabled,
log any denials that would occur, but don't enforce them).
Then look for avc denial messages in /var/log/messages
or /var/log/audit/audit.log. Those will help indicate what is going
wrong and what needs to be fixed.
--
Stephen Smalley
National Security Agency
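
An added example, not part of the original thread: a small Python parser that pulls "avc: denied" records out of audit.log or /var/log/messages text and counts them by source type, target type, class and permissions, so repeated denials collapse into one line each. The sample records and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records (not taken from the thread), in the shapes used
# for kernel AVC denials, userspace (D-Bus) USER_AVC denials, and syslog lines.
SAMPLE_LOG = """\
type=AVC msg=audit(1249597801.101:41): avc:  denied  { read } for  pid=2101 comm="gdm-binary" name="xauth" dev=sda1 ino=4211 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1249597801.105:42): avc:  denied  { read } for  pid=2101 comm="gdm-binary" name="xauth" dev=sda1 ino=4211 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=USER_AVC msg=audit(1249597802.300:43): user pid=1780 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=2150 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dbus : exe="/bin/dbus-daemon"'
Aug  6 15:30:03 host kernel: type=1400 audit(1249597803.010:44): avc:  denied  { write open } for  pid=2200 comm="bash" name=".bash_history" dev=sda1 ino=5120 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1249597803.010:44): arch=40000003 syscall=5 success=yes exit=3 comm="bash"
"""

DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'\b(scontext|tcontext|tclass)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def parse_denial(line):
    """Return (source_type, target_type, class, perms) for a denial, else None."""
    m = DENIED.search(line)
    if not m:
        return None  # not an AVC denial (e.g. the companion SYSCALL record)
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None  # truncated or malformed record
    perms = tuple(sorted(m.group(1).split()))
    return (selinux_type(f["scontext"]), selinux_type(f["tcontext"]),
            f["tclass"], perms)


def summarize(text):
    """Count identical denials across all lines of a log excerpt."""
    return Counter(d for d in map(parse_denial, text.splitlines()) if d)


if __name__ == "__main__":
    for (src, tgt, cls, perms), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```
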