Is it supposed to be possible to run grub-install from the LiveCD with SELinux on?

Michael Wiktowy michael.wiktowy at gmail.com
Sun Apr 1 00:23:24 UTC 2007


I am running into a ton of issues trying to get my SiI 3112 RAID1 set
booting. If anyone knows of a guide to the required voodoo to have
this work, please let me know as the f7test3 installer doesn't quite
end up with a bootable system.

Among my problems is the fact that SELinux is clobbering
grub-install. I get a number of the following errors for a bunch of
tmp files, bug or feature?:

Summary
    SELinux is preventing the /sbin/grub from using potentially mislabeled files
    (/tmp/sh-thd-1175367330 (deleted)).

Detailed Description
    SELinux has denied /sbin/grub access to potentially mislabeled file(s) (/tmp
    /sh-thd-1175367330 (deleted)).  This means that SELinux will not allow
    /sbin/grub to use these files.  It is common for users to edit files in
    their home directory or tmp directories and then move (mv) them to system
    directories.  The problem is that the files end up with the wrong file
    context which confined applications are not allowed to access.

Allowing Access
    If you want /sbin/grub to access this files, you need to relabel them using
    restorecon -v /tmp/sh-thd-1175367330 (deleted).  You might want to relabel
    the entire directory using restorecon -R -v /tmp.

Additional Information

Source Context                user_u:system_r:bootloader_t
Target Context                user_u:object_r:tmp_t
Target Objects                /tmp/sh-thd-1175367330 (deleted) [ file ]
Affected RPM Packages         grub-0.97-13 [application]
Policy RPM                    selinux-policy-2.5.10-2.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.20-1.3023.fc7 #1
                              SMP Sun Mar 25 22:12:02 EDT 2007 i686 athlon
Alert Count                   1
First Seen                    Sat 31 Mar 2007 08:15:14 PM EDT
Last Seen                     Sat 31 Mar 2007 08:15:14 PM EDT
Local ID                      cb145cc9-d84a-4900-9f36-71be93a6750f
Line Numbers

Raw Audit Messages

avc: denied { write } for comm="grub" dev=dm-0 egid=0 euid=0 exe="/sbin/grub"
exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="grub-install.log.ew4019"
path=2F746D702F73682D7468642D31313735333637333330202864656C6574656429 pid=4021
scontext=user_u:system_r:bootloader_t:s0 sgid=0
subj=user_u:system_r:bootloader_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:tmp_t:s0 tty=pts0 uid=0

Thanks in advance for any help.

/Mike
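
Added example, not part of the original post: a small parser for the raw AVC record quoted above. It decodes the hex-encoded `path=` field (audit writes a string field as hex when it contains a space or other special character) and pulls out the source and target types. The names `parse_avc`, `decode_value`, `type_of`, `summarize` and `HEX_FIELDS` are illustrative choices made for this example.

```python
import re

# Raw audit message copied from the post above (wrapped lines joined with spaces).
RAW = ('avc: denied { write } for comm="grub" dev=dm-0 egid=0 euid=0 exe="/sbin/grub" '
       'exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="grub-install.log.ew4019" '
       'path=2F746D702F73682D7468642D31313735333637333330202864656C6574656429 pid=4021 '
       'scontext=user_u:system_r:bootloader_t:s0 sgid=0 '
       'subj=user_u:system_r:bootloader_t:s0 suid=0 tclass=file '
       'tcontext=user_u:object_r:tmp_t:s0 tty=pts0 uid=0')

# String fields that may appear hex-encoded (assumed set, enough for this record).
HEX_FIELDS = {"path", "name", "comm", "exe"}

def decode_value(key, value):
    """Strip quotes from quoted values; decode unquoted all-hex string fields."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    if (key in HEX_FIELDS and len(value) % 2 == 0
            and re.fullmatch(r"[0-9A-Fa-f]+", value)):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value

def parse_avc(line):
    """Return a dict with the result, permission list and key=value fields."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        rec[key] = decode_value(key, value)
    return rec

def type_of(context):
    """SELinux contexts are user:role:type[:level]; return the type part."""
    return context.split(":")[2]

def summarize(rec):
    """One-line view: which domain was refused which permission on what."""
    return "%s { %s } %s -> %s (%s) on %s" % (
        rec["result"], " ".join(rec["perms"]), type_of(rec["scontext"]),
        type_of(rec["tcontext"]), rec["tclass"], rec.get("path", "?"))

if __name__ == "__main__":
    print(summarize(parse_avc(RAW)))
```

The decoded path matches the "Target Objects" line of the report, and the summary shows the denial as `bootloader_t` being refused `write` on a `tmp_t` file.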



