[MLS Policy]:- MLS policy problem when manually restart the servers.

prakash hallalli prakashkhallalli at gmail.com
Tue Jun 10 11:44:24 UTC 2008


Hi All

I have configured SELinux on CentOS 5.1. I have configured the RBAC using
MLS (Multilevel Security) Policy.
Now I am trying to restart the system services and they are not restarting
and it is throwing some error message.
I have a question here: with mls policy enabled, will I be able to restart
the system service? If yes, then what to do, and if no, what is the reason?

Steps to reproduce:

1) MLS Policy configuration.

1. Install selinux-policy-mls
2. Set SELINUXTYPE=MLS in /etc/selinux/config file
3. touch ./autorelabel; on root's home directory, and reboot the machine.
4. While machine is rebooting, change the GRUB parameter.
enforcing=0

2) Now system is in permissive mode and SELinux status is as follows.

# sestatus
SELinux status:                 enabled
SELinuxfs mount:               /selinux
Current mode:                    permissive
Mode from config file:        enforcing
Policy version:                  21
policy from config file:        mls

3) Restart the system services and they restart successfully.

[root@turtle11 ~]# service nfs restart
Shutting down NFS mountd:                                   [FAILED]
Shutting down NFS daemon:                                  [FAILED]
Shutting down NFS quotas:                                    [FAILED]
Shutting down NFS services:                                  [FAILED]
Starting NFS services:                                           [  OK  ]
Starting NFS quotas:                                             [  OK  ]
Starting NFS daemon:                                           [  OK  ]
Starting NFS mountd:                                            [  OK  ]

4) Now I am setting enforcing mode using setenforce command.

[root@turtle11 ~]# setenforce 1
[root@turtle11 ~]# sestatus
SELinux status:             enabled
SELinuxfs mount:          /selinux
Current mode:               enforcing
Mode from config file:    enforcing
Policy version:              21
Policy from config file:   mls

5) a) Now system is in enforcing mode and I am trying to restart the system
service. The restart will result in error message.

[root@turtle11 ~]# service nfs restart
/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot
open shared object  file: No such file or directory
/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot
open shared object file: No such file or directory
nfs: unrecognized service

b) When I am trying to log in, it will show the following error.

turtle login: smbldap3
/bin/login:error while loading shared libraries: libcrypt.so.1:failed to map
segment from shared object: Permission denied
/sbin/mingetty: error while loading shared libraries: libc.so.6: failed to
map segment from shared object: Permission denied

c) When using su command.

[root@turtle11 ~]# su smbldap3
su: error while loading shared libraries: libpam.so.0: failed to map segment
from shared object: Permission denied

I am not sure what is going on. I referred to many websites and PDFs but
couldn't get the proper solution.

Please help me.

Thanks
Prakash.