Hi I have followed the same steps what you are given the information to change the libc.so.6 file label. Now user will be able to login to the system it not showing any error message while login time. But still i am not able do system restart services. Now it showing error message is unrecognized service.
I have received the following error messages.
[root@turtle11 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 21 Policy from config file: mls
[root@turtle11 ~]# service nfs restart Shutting down NFS mountd: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS quotas: [ OK ] Shutting down NFS services: [ OK ] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ]
[root@turtle11 ~]# setenforce 1 [root@turtle11 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: mls
[root@turtle11 ~]# service nfs restart nfs: unrecognized service
[root@turtle11 ~]# service ldap restart ldap: unrecognized service
[root@turtle11 ~]# service samba restart samba: unrecognized service
[root@turtle11 ~]# service named restart named: unrecognized service [root@turtle11 ~]#
Please help me, what should i do.
Thanks, prakash
On Tue, Jun 10, 2008 at 5:37 PM, Stephen Smalley sds@tycho.nsa.gov wrote:
On Tue, 2008-06-10 at 17:14 +0530, prakash hallalli wrote:
Hi All
I have configured SELinux on ContOS 5.1. I have configured the RBAC using MLS (Multilevel Security) Policy. Now i am trying to restart the system services and they are not restarting and it is throwing some error message. I have a question here, with mls policy enabled will i be able to restart the system service? If yes then what to do and If no what is the reason?
Steps to reproduce:
- MLS Policy configuration.
- Install selinux-policy-mls
- Set SELINUXTYPE=MLS in /etc/selinux/config file
- touch ./autorelabel; on root's home directory, and reboot the
machine. 4. While machine is rebooting, change the GRUB parameter. enforcing=0
- Now system is in permissive mode and SELinux status is as follows.
# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 21 policy from config file: mls
- Restart the system services and they restart successfully.
[root@turtle11 ~]# service nfs restart Shutting down NFS mountd: [FAILED] Shutting down NFS daemon: [FAILED] Shutting down NFS quotas: [FAILED] Shutting down NFS services: [FAILED] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ]
- Now i am setting enforcing mode using setenforce command.
root@turtle11 ~]#setenforce 1 root@turtle11 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: mls
- a) Now system is in enforcing mode and i am trying to restart the
system service. The restart will result in error message.
root@turtle11 ~]#service nfs restart /sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory /sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
This suggests that libc.so.6 has the wrong label. In older versions of the policy, this was a difference between targeted and strict/mls policies. Boot in single-user mode and run fixfiles -F relabel.
nfs: unrecognized service
b) When I trying to login it will show the following error.
turtle login: smbldap3 /bin/login:error while loading shared libraries: libcrypt.so.1:failed to map segment from shared object: Permission denied /sbin/mingetty: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied
c) When using su command.
root@turtle11 ~]# su smbldap3 su: error while loading shared libraries: libpam.so.0: failed to map segment from shared object: Permission denied
I am not sure what is going on. I referred to many websites and PDFs but couldn't get the proper solution.
please help me.
Thanks Prakash.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- Stephen Smalley National Security Agency
prakash hallalli wrote:
Hi I have followed the same steps what you are given the information to change the libc.so.6 file label. Now user will be able to login to the system it not showing any error message while login time. But still i am not able do system restart services. Now it showing error message is unrecognized service.
I have received the following error messages.
[root@turtle11 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 21 Policy from config file: mls
[root@turtle11 ~]# service nfs restart Shutting down NFS mountd: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS quotas: [ OK ] Shutting down NFS services: [ OK ] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ]
[root@turtle11 ~]# setenforce 1 [root@turtle11 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: mls
[root@turtle11 ~]# service nfs restart nfs: unrecognized service
[root@turtle11 ~]# service ldap restart ldap: unrecognized service
[root@turtle11 ~]# service samba restart samba: unrecognized service
[root@turtle11 ~]# service named restart named: unrecognized service [root@turtle11 ~]#
Please help me, what should i do.
Thanks, prakash
On Tue, Jun 10, 2008 at 5:37 PM, Stephen Smalley sds@tycho.nsa.gov wrote:
On Tue, 2008-06-10 at 17:14 +0530, prakash hallalli wrote:
Hi All
I have configured SELinux on ContOS 5.1. I have configured the RBAC using MLS (Multilevel Security) Policy. Now i am trying to restart the system services and they are not restarting and it is throwing some error message. I have a question here, with mls policy enabled will i be able to restart the system service? If yes then what to do and If no what is the reason?
Steps to reproduce:
- MLS Policy configuration.
- Install selinux-policy-mls
- Set SELINUXTYPE=MLS in /etc/selinux/config file
- touch ./autorelabel; on root's home directory, and reboot the
machine. 4. While machine is rebooting, change the GRUB parameter. enforcing=0
- Now system is in permissive mode and SELinux status is as follows.
# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 21 policy from config file: mls
- Restart the system services and they restart successfully.
[root@turtle11 ~]# service nfs restart Shutting down NFS mountd: [FAILED] Shutting down NFS daemon: [FAILED] Shutting down NFS quotas: [FAILED] Shutting down NFS services: [FAILED] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ]
- Now i am setting enforcing mode using setenforce command.
root@turtle11 ~]#setenforce 1 root@turtle11 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: mls
- a) Now system is in enforcing mode and i am trying to restart the
system service. The restart will result in error message.
root@turtle11 ~]#service nfs restart /sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory /sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
This suggests that libc.so.6 has the wrong label. In older versions of the policy, this was a difference between targeted and strict/mls policies. Boot in single-user mode and run fixfiles -F relabel.
nfs: unrecognized service
b) When I trying to login it will show the following error.
turtle login: smbldap3 /bin/login:error while loading shared libraries: libcrypt.so.1:failed to map segment from shared object: Permission denied /sbin/mingetty: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied
c) When using su command.
root@turtle11 ~]# su smbldap3 su: error while loading shared libraries: libpam.so.0: failed to map segment from shared object: Permission denied
I am not sure what is going on. I referred to many websites and PDFs but couldn't get the proper solution.
please help me.
Thanks Prakash.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- Stephen Smalley National Security Agency
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Try
# run_init service nfs restart
selinux@lists.fedoraproject.org