installation of selinux on non-selinux system
Jim Cornette
jim-cornette at insight.rr.com
Sun Nov 21 13:40:40 UTC 2004
Daniel J Walsh wrote:
> Jim Cornette wrote:
>
>> After upgrading a computer from FC2 to FC3, I decided to give SELinux
>> a shot and used up2date to retrieve the rpm for
>> selinux-policy-targeted and expected for all needed deps to be
>> pulled in. The other dependent ackages did not get pulled in with
>> this selection. I ended up having system messages not being
>> accessable and also httpd being damened with errors. I supposed that
>> there was an abnormality on my particular system. Within recent days,
>> I have noted others experiencing similar failures on the fedora-list.
>> I then decided that this might e a more common prblem than first
>> expected.
>>
>> Another Fedora user was asking questions regarding running fixfiles
>> relabel. I noticed that I also did not have fixfiles installed.
>> <>
>
> You need to install policycoreutils and relabel the file system.
>
Thanks Dan for the name of the rpm that is needed for fixfiles so
relabeling can be performed. My main question is for those systems that
are upgraded from non-selinux to systems where selinux is desired to be
added.
If one was to install selinux-policy-targeted via a repository
installation, up2date in my case. I would expect the inclusion of other
deps being pulled in.
Selinux gives sort of a working system when using
system-config-securitylevel to enable selinux via the gui. I am not too
sure if this would introduce "dep hell" if having policycoreutils pulled
in when selinux-policy for targeted or strict is pulled from a repo.
After relabeling my filesystem again in runlevel 1, I seem to get the
same type of errors as experienced before. .mozilla related files seemed
to be the major files that content was tried to be changed, when
relabeling for strict. See attached avc for today.
In order to bring up X, running setenforce 0 at a root shell was needed,
in order to launch X successfully. If there is some lingering config
file, either systemwide or hanging out in the per user directory that is
blocking X, I don't know.
Thanks,
Jim
> Dan
--
Peers's Law:
The solution to a problem changes the nature of the problem.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: after-relabel-no-X
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20041121/c3aff238/attachment.pl
More information about the selinux
mailing list