5:20 a.m.
Rather unwisely I followed through some advice from setroubleshootd on
a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able
to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to /
(xen_image_t).
Is there any way of fixing this?
Adam
7:40 a.m.
Adam Huffman wrote:
Rather unwisely I followed through some advice from setroubleshootd
on
a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able
to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to /
(xen_image_t).
Is there any way of fixing this?
restorecon /
xen images should be in their own directory. Not in / or /root. The
default directory for xen images is under /var/lib/xen, which would
solve your problem. I will take a look at the troubleshoot plugin to
make fix it up.
Adam
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
12:10 p.m.
On 10/01/07, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
Adam Huffman wrote:
> Rather unwisely I followed through some advice from setroubleshootd on
> a new FC6 test system without thinking through the implications.
>
> It advised me to run:
>
> chcon -R -t xen_image_t /
>
> because xend was having some trouble with virtual disk files.
>
> This had some interesting consequences, most of which I have been able
> to fix via relabelling.
>
> However, there are still errors being reported for various daemons. E.g.
>
> SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to /
> (xen_image_t).
>
xen images should be in their own directory. Not in / or /root. The
default directory for xen images is under /var/lib/xen, which would
solve your problem. I will take a look at the troubleshoot plugin to
make fix it up.
Yes, I was only experimenting with different locations because of an
error in virt-install (it was complaining that it couldn't get access
to the virtual disks I was creating).
12:36 p.m.
On Wed, 2007-01-10 at 18:10 +0000, Adam Huffman wrote:
On 10/01/07, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> Adam Huffman wrote:
> > Rather unwisely I followed through some advice from setroubleshootd on
> > a new FC6 test system without thinking through the implications.
> >
> > It advised me to run:
> >
> > chcon -R -t xen_image_t /
> >
> > because xend was having some trouble with virtual disk files.
> >
> > This had some interesting consequences, most of which I have been able
> > to fix via relabelling.
> >
> > However, there are still errors being reported for various daemons. E.g.
> >
> > SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to /
> > (xen_image_t).
> >
>
> xen images should be in their own directory. Not in / or /root. The
> default directory for xen images is under /var/lib/xen, which would
> solve your problem. I will take a look at the troubleshoot plugin to
> make fix it up.
Yes, I was only experimenting with different locations because of an
error in virt-install (it was complaining that it couldn't get access
to the virtual disks I was creating).
Use the force option (-F to fixfiles or restorecon) to force relabeling
of even files with customizable types?
--
Stephen Smalley
National Security Agency
7:41 a.m.
Adam Huffman wrote:
Rather unwisely I followed through some advice from setroubleshootd
on
a new FC6 test system without thinking through the implications.
It advised me to run:
chcon -R -t xen_image_t /
Actually I just saw the -R.
touch /.autorelabel; reboot
Is your best bet to fix the system labeling.
because xend was having some trouble with virtual disk files.
This had some interesting consequences, most of which I have been able
to fix via relabelling.
However, there are still errors being reported for various daemons. E.g.
SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to /
(xen_image_t).
Is there any way of fixing this?
Adam
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
12:09 p.m.
On 10/01/07, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
>
> chcon -R -t xen_image_t /
Actually I just saw the -R.
touch /.autorelabel; reboot
Is your best bet to fix the system labeling.
Actually I've already done that, twice, and the warning messages persist.
I'll give it another go, though.
6315
days inactive
6316
days old
selinux@lists.fedoraproject.org
6 comments
3 participants
participants (3)
-
Adam Huffman -
Daniel J Walsh -
Stephen Smalley