Selinux and Compiz: A SELinux rant

Jerry Amundson jamundso at gmail.com
Tue Oct 28 13:26:41 UTC 2008


On Tue, Oct 28, 2008 at 7:56 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> SELinux has a bug in the selinux-policy-targeted package that fails to
> setup the user database correct if the package is initially installed on
> a disabled system.  If you later turn SELinux on, your database is
> screwed up so you were not able to login.   The post install executes
> these commands
> semanage -S targeted -i - << __eof
> user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
> user -a -P user -R guest_r guest_u
> user -a -P user -R xguest_r xguest_u
> __eof
> semanage -S targeted -i - << __eof
> login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
> login -m  -s unconfined_u -r s0-s0:c0.c1023 root
> __eof
>
> Which basically setup the default user and root account to login as
> unconfined_t.  Since SELinux was disabled these commands failed.

OK, thanks.
I'll try it when I have a chance to get back on that system.

jerry

-- 
There's plenty of youth in America - it's time we find the "fountain of smart".




More information about the test mailing list