failed to customize policy, SELinux won't let me
Florin Andrei
florin at andrei.myip.org
Thu May 4 02:25:26 UTC 2006
On Wed, 2006-05-03 at 13:19 -0400, Stephen Smalley wrote:
> On Wed, 2006-05-03 at 10:05 -0700, Florin Andrei wrote:
> > [root at stantz custom]# semodule -i local.pp
> > libsemanage.semanage_commit_sandbox: Error while
> > renaming /etc/selinux/targeted/modules/active
> > to /etc/selinux/targeted/modules/previous.
> > semodule: Failed!
> > [root at stantz custom]# tail -n 1 /var/log/messages
> > May 3 10:02:51 stantz kernel: audit(1146675771.487:308): avc: denied
> > { rename } for pid=3845 comm="semodule" name="active" dev=hda4
> > ino=2319743 scontext=user_u:system_r:semanage_t:s0
> > tcontext=user_u:object_r:selinux_config_t:s0 tclass=dir
>
> Yes, this has shown up before - it indicates that
> your /etc/selinux/targeted/modules tree has become mislabeled. Run
> restorecon -R on it. I think that this has been corrected already in
> updates?
I rebooted the system and this happened again. :-(
I did a restorecon again and now it's working fine.
This is not right.
--
Florin Andrei
http://florin.myip.org/
More information about the selinux
mailing list