Rawhide install report - 20080414 (selinux too tight again)

Daniel J Walsh dwalsh at redhat.com
Tue Apr 15 20:10:26 UTC 2008


G.Wolfe Woodbury wrote:
> G.Wolfe Woodbury wrote:
>> Daniel J Walsh wrote:
>>> G.Wolfe Woodbury wrote:
>>>> Daniel J Walsh wrote:
>>>>> G.Wolfe Woodbury wrote:
>>>>>> Today's rawhide (20080414) installs just fine (my problem before seems
>>>>>> to have been a read error on the boot.iso).
>>>>>> However, the post-firstboot system won't allow any logins (with a
>>>>>> briefly flashed "no shell" notice on text console) until enforcing=0 is
>>>>>> set on the boot command line and SELinux is set to permissive mode.
>>>>>> It's starting to shape up to a decent release.
>>>>> What AVCs are you seeing?  Please attach the audit.log.
>>>> Here is the audit.log from the affected system, from firstboot to today.
>>>> --
>>>> G. Wolfe Woodbury
>>> You are logging in as hotplug_t?  Which is a mistake.  Could you run
>>> fixfiles restore on your machine to see if it is badly mislabeled?
>>>
>>> # rpm -q selinux-policy
>>> # semanage user -l
>>> # semanage login -l
>> There are some strange contexts in /home - relabeling, will check after
>> reboot on testbed machine.
> 
> Relabeling seems to have cured the incessant AVC reports.  I suspect
> that something changed in the SELinux package between the initial setup
> of /home and the re-installation (preserving home) that made the system
> think that the context was something else.
> 
> Does system-config-users need an enhancement to relabel when a
> pre-existing user is re-added to the system?
> 
No, I don't believe so, but I wish I knew how the labeling got screwed up.
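
The diagnosis in this thread came from reading the source domain out of the AVC records in audit.log ("You are logging in as hotplug_t"). As an added example that is not part of the original messages, the Python script below tallies AVC denials and reports which domains shell processes were running in; the sample records, the SHELLS list and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in audit.log format (not the log attached in the thread).
SAMPLE_LOG = """\
type=USER_AUTH msg=audit(1208290000.900:20): user pid=2090 uid=0 auid=4294967295 msg='PAM: authentication acct="testuser" : exe="/bin/login" res=success'
type=AVC msg=audit(1208290001.101:21): avc:  denied  { read } for  pid=2101 comm="bash" name=".bash_profile" dev=dm-0 ino=4711 scontext=system_u:system_r:hotplug_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1208290001.102:22): avc:  denied  { search } for  pid=2101 comm="bash" name="home" dev=dm-0 ino=2 scontext=system_u:system_r:hotplug_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1208290001.450:23): avc:  denied  { search } for  pid=2101 comm="bash" name="home" dev=dm-0 ino=2 scontext=system_u:system_r:hotplug_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1208290002.300:24): avc:  denied  { getattr } for  pid=2150 comm="gdm-binary" path="/home/testuser" dev=dm-0 ino=4700 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

SHELLS = ("bash", "sh", "login")  # assumption: process names treated as login shells

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    scon, tcon = m["scon"].split(":"), m["tcon"].split(":")
    if len(scon) < 3 or len(tcon) < 3:
        return None  # malformed context: user:role:type[:level] expected
    # The type is the third field; the MLS level after it may itself contain colons.
    return {"comm": m["comm"], "perms": tuple(m["perms"].split()),
            "sdomain": scon[2], "ttype": tcon[2], "tclass": m["tclass"]}

def summarize(log_text):
    """Count denials per (comm, source domain, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec["perms"]:
                counts[(rec["comm"], rec["sdomain"], rec["ttype"], rec["tclass"], perm)] += 1
    return counts

def shell_domains(log_text, shells=SHELLS):
    """Domains that shell processes were denied in; a non-user domain here
    matches the symptom described in the thread."""
    return sorted({key[1] for key in summarize(log_text) if key[0] in shells})

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
    print("shell domains:", shell_domains(SAMPLE_LOG))
```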




More information about the test mailing list