On Wed, 2006-05-03 at 13:19 -0400, Stephen Smalley wrote:
> On Wed, 2006-05-03 at 10:05 -0700, Florin Andrei wrote:
> > [root@stantz custom]# pwd
> > /etc/selinux/custom
>
> Actually, /usr/share/selinux is the standard location for modules to be
> placed before running semodule on them, but that isn't directly relevant
> to the denial you see below.

Not mentioned in the FAQ. ;-)

> > [root@stantz custom]# tail -n 1 /var/log/messages
> > May 3 10:02:51 stantz kernel: audit(1146675771.487:308): avc: denied
> > { rename } for pid=3845 comm="semodule" name="active" dev=hda4
> > ino=2319743 scontext=user_u:system_r:semanage_t:s0
> > tcontext=user_u:object_r:selinux_config_t:s0 tclass=dir
>
> Yes, this has shown up before - it indicates that
> your /etc/selinux/targeted/modules tree has become mislabeled. Run
> restorecon -R on it. I think that this has been corrected already in
> updates?

Hmmm... This is a fresh install, I applied all updates, rebooted, let
anacron do all the jobs, did "touch /.autorelabel", rebooted again.
Anyway, I did a restorecon, then some more policy tweaks (Postfix was
still hitting various snags), and it worked.
Thanks!
--
Florin Andrei
http://florin.myip.org/
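
An added example, not part of the original thread: a small Python parser that splits the AVC denial quoted above into its fields and flags the pattern the reply attributes to a mislabeled modules tree. The function names are hypothetical, and the expected store type `semanage_store_t` is an assumption taken from the reference policy; confirm it on your system with `matchpathcon /etc/selinux/targeted/modules`.

```python
import re

# The denial quoted in the thread, with the mail line wraps joined.
SAMPLE = ('May 3 10:02:51 stantz kernel: audit(1146675771.487:308): avc: denied '
          '{ rename } for pid=3845 comm="semodule" name="active" dev=hda4 '
          'ino=2319743 scontext=user_u:system_r:semanage_t:s0 '
          'tcontext=user_u:object_r:selinux_config_t:s0 tclass=dir')

# Assumption: type the module store carries in the reference policy.
EXPECTED_STORE_TYPE = "semanage_store_t"

AVC_RE = re.compile(r'audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"timestamp": float(m["ts"]), "serial": int(m["serial"]),
           "perms": m["perms"].split()}
    for key, quoted, bare in FIELD_RE.findall(m["rest"]):
        rec[key] = quoted or bare
    # Contexts are user:role:type:level; the level may itself contain colons.
    for side, out in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(side, "").split(":", 3)
        if len(parts) >= 3:
            rec[out] = parts[2]
    return rec


def store_label_suspect(rec):
    """True when semodule (semanage_t) was denied on a directory whose type
    is not the expected store type, i.e. a candidate for restorecon -R."""
    return (rec is not None
            and rec.get("comm") == "semodule"
            and rec.get("stype") == "semanage_t"
            and rec.get("tclass") == "dir"
            and rec.get("ttype") != EXPECTED_STORE_TYPE)


if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(rec["perms"], rec["stype"], "->", rec["ttype"], rec["tclass"])
    print("relabel candidate:", store_label_suspect(rec))
```
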