Odd messages during bootup from gdm

Gene Heskett gene.heskett at verizon.net
Sat May 6 00:23:10 UTC 2006 

Tony Nelson wrote:
> At 10:44 PM -0500 5/4/06, Gene Heskett wrote:
>   
>> Tony Nelson wrote:
>>     
>
>   
>>>> So what actually is the magic incantation that will make this work?
>>>>
>>>>         
>>> touch /.autorelabel
>>> reboot
>>> edit grub command line, appending "enforcing=0"
>>> continue booting
>>> wait
>>>
>>> SELinux must be active but not enforcing for it to relabel.
>>>
>>>       
>> Ah, that might explain some of it, I thought it had to be disabled.
>>
>> I've now done an init 1, and invoked that command, which did take a
>> while, 10 minutes or so.
>> Then I re-enabled selinux and rebooted.   Got huge amount of those
>> warnings, 2-3 times more than before.  And I spotted this near the end
>> of the dmesg:
>> May  4 02:49:09 diablo kernel: md: Autodetecting RAID arrays.
>> May  4 02:49:09 diablo kernel: md: autorun ...
>> May  4 02:49:10 diablo kernel: md: ... autorun DONE.
>>
>> audit(1146799877.012:325): avc:  denied  { read } for  pid=2528
>> comm="restorecon" name="config" dev=hda5 ino=12898524
>> scontext=root:system_r:re
>> storecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
>>
>> So I tried, in runlevel 3, restorecon -n /, and got this:
>> audit(1146799877.012:325): avc:  denied  { read } for  pid=2528
>> comm="restorecon" name="config" dev=hda5 ino=12898524
>> scontext=root:system_r:re
>> storecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
>>
>> So whats wrong, and how did I arrive at this condition?
>>     
>
> In permissive mode, AVC denials will still be logged, but they have no force.
>   
Ahh, now the bulb brightens a bit.  I  thought it strange that I was 
getting 20-30k of squawks in the log, but everything appeared to be working.

That find command is running, but so far its only spit out the 
/.bash_history and /.viminfo files, and it's now done.

Thanks for the patience, I appreciate it.

Thanks.
> ____________________________________________________________________
> TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
>       '                              <http://www.georgeanelson.com/>
>
>   


-- 
Cheers, Gene

More information about the fedora-list mailing list