On Fri, 2006-01-27 at 17:49 +0200, G Jahchan wrote:
> ls -Z /sbin/init
> -rwxr-xr-x root root system_u:object_r:staff_home_t /sbin/init

That's your problem - your filesystem is incorrectly labeled. Don't
know how your /sbin/init program ended up with the type of a staff home
directory; it should have init_exec_t.
/sbin/restorecon -nv /sbin/init
If that correctly relabels to init_exec_t, then proceed to do a full
relabel, i.e. touch /.autorelabel and reboot or pass 'autorelabel' on
the kernel command line. Or shut down to single-user and run 'fixfiles
relabel'. All variations on the same theme...

> /etc/passwd system_u:object_r:staff_home_t

Should be etc_t.

> /bin/bash system_u:object_r:staff_home_t

shell_exec_t

> /bin/login system_u:object_r:staff_home_t

login_exec_t

> /sbin/init system_u:object_r:staff_home_t

init_exec_t

> /sbin/mingetty system_u:object_r:staff_home_t

getty_exec_t

> /usr/sbin/sshd system_u:object_r:staff_home_t

sshd_exec_t

> The results of audit2why seem to indicate a mismatch between current
> in-memory boolean settings vs. permanent ones.

No, just a filesystem labeling problem. audit2why can't determine that;
it just diagnoses policy problems.
--
Stephen Smalley
National Security Agency
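
An added example, not part of the original message: a small shell check that compares the type field of each listed file's context against the types named in the reply above and reports every mismatch. The function names are hypothetical; the expected types and the sample listing are the ones given in the thread.

```shell
#!/bin/sh
# Added example: flag files whose SELinux type differs from the expected one.

# Expected types, as stated in the reply above.
expected_type() {
    case "$1" in
        /etc/passwd)    echo etc_t ;;
        /bin/bash)      echo shell_exec_t ;;
        /bin/login)     echo login_exec_t ;;
        /sbin/init)     echo init_exec_t ;;
        /sbin/mingetty) echo getty_exec_t ;;
        /usr/sbin/sshd) echo sshd_exec_t ;;
        *)              return 1 ;;
    esac
}

# Type is the third field of user:role:type[:level].
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Reads "path context" lines on stdin, prints one line per mislabeled
# file, and returns 1 if any mismatch was found (0 otherwise).
check_labels() {
    bad=0
    while read -r path ctx; do
        want=$(expected_type "$path") || continue   # path not in table
        have=$(context_type "$ctx")
        if [ "$have" != "$want" ]; then
            printf 'MISLABELED %s have=%s want=%s\n' "$path" "$have" "$want"
            bad=1
        fi
    done
    return "$bad"
}

# Sample input: the listing quoted in the thread.
sample_input() {
    cat <<'EOF'
/etc/passwd system_u:object_r:staff_home_t
/bin/bash system_u:object_r:staff_home_t
/bin/login system_u:object_r:staff_home_t
/sbin/init system_u:object_r:staff_home_t
/sbin/mingetty system_u:object_r:staff_home_t
/usr/sbin/sshd system_u:object_r:staff_home_t
EOF
}

sample_input | check_labels || true
```

On a live system the authoritative comparison is `restorecon -nv`, as in the reply, since it consults the installed policy's file contexts rather than a fixed table.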