Rather unwisely I followed through some advice from setroubleshootd on a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to / (xen_image_t).
Is there any way of fixing this?
Adam
Adam Huffman wrote:
Rather unwisely I followed through some advice from setroubleshootd on a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to / (xen_image_t).
Is there any way of fixing this?
restorecon /
xen images should be in their own directory. Not in / or /root. The default directory for xen images is under /var/lib/xen, which would solve your problem. I will take a look at the troubleshoot plugin to make fix it up.
Adam
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
On 10/01/07, Daniel J Walsh dwalsh@redhat.com wrote:
Adam Huffman wrote:
Rather unwisely I followed through some advice from setroubleshootd on a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to / (xen_image_t).
xen images should be in their own directory. Not in / or /root. The default directory for xen images is under /var/lib/xen, which would solve your problem. I will take a look at the troubleshoot plugin to make fix it up.
Yes, I was only experimenting with different locations because of an error in virt-install (it was complaining that it couldn't get access to the virtual disks I was creating).
On Wed, 2007-01-10 at 18:10 +0000, Adam Huffman wrote:
On 10/01/07, Daniel J Walsh dwalsh@redhat.com wrote:
Adam Huffman wrote:
Rather unwisely I followed through some advice from setroubleshootd on a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to / (xen_image_t).
xen images should be in their own directory. Not in / or /root. The default directory for xen images is under /var/lib/xen, which would solve your problem. I will take a look at the troubleshoot plugin to make fix it up.
Yes, I was only experimenting with different locations because of an error in virt-install (it was complaining that it couldn't get access to the virtual disks I was creating).
Use the force option (-F to fixfiles or restorecon) to force relabeling of even files with customizable types?
On 10/01/07, Stephen Smalley sds@tycho.nsa.gov wrote:
Use the force option (-F to fixfiles or restorecon) to force relabeling of even files with customizable types?
That seems to have done the trick.
Thanks a lot, Adam
Adam Huffman wrote:
Rather unwisely I followed through some advice from setroubleshootd on a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
Actually I just saw the -R. touch /.autorelabel; reboot
Is your best bet to fix the system labeling.
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to / (xen_image_t).
Is there any way of fixing this?
Adam
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
On 10/01/07, Daniel J Walsh dwalsh@redhat.com wrote:
chcon -R -t xen_image_t /
Actually I just saw the -R. touch /.autorelabel; reboot
Is your best bet to fix the system labeling.
Actually I've already done that, twice, and the warning messages persist.
I'll give it another go, though.
selinux@lists.fedoraproject.org
-
Adam Huffman -
Daniel J Walsh -
Stephen Smalley