SELinux preventing login (Fedora 16)
Paul W. Frields
stickster at gmail.com
Wed Apr 11 21:27:49 UTC 2012
On Wed, Apr 11, 2012 at 03:37:45PM -0400, Braden McDaniel wrote:
> On Wed, 2012-04-11 at 15:25 -0400, Daniel J Walsh wrote:
> > Are you booted with SELinux in permissive mode of disabled?
>
> I'm booted with it disabled:
>
> # cat /etc/selinux/config | grep disabled
> # disabled - No SELinux policy is loaded.
> SELINUX=disabled
>
> > ausearch -m avc
>
> That's long; I'll attach it.
You might want to try this as root first, after saving your work:
touch /.autorelabel ; reboot
Running SELinux disabled is unnecessary. Running in permissive mode
is much better, since it allows you to switch back and forth without
labeling problems.
When you run in disabled mode, SELinux labels aren't written to the
disk when files are created, so when you try to turn SELinux on later,
it results in lots of denial errors. Permissive mode does pretty much
the same thing as enforcing mode, but any denials are ignored, so
SELinux won't prevent access.
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
The open source story continues to grow: http://opensource.com
More information about the users
mailing list