On Tuesday, September 20, 2011 10:30:38 AM Tim wrote:
On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
Let's clarify what you've written... You are, now, trying to run a
system with SELinux enabled, that was previously running with it
disabled. The same files on the drive, just changing the SELinux
setting. Is that right?
If so, no wonder you're having grief. While SELinux was off, your
system was writing files without setting any SELinux contexts. So,
those files are just default files. Now that SELinux is on, there's no
contexts written in the file attributes that would tell SELinux to allow
access, so the default (for safety) action is to disallow it.
If the above is his problem, has he tried creating /.autorelabel and reboot?
Please see "man selinux",
"The best way to relabel the file system is to create the flag file
/.autorelabel and reboot. system-config-securitylevel, also has this
capability. The restorcon/fixfiles commands are also available for relabeling
files."