[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: failed to customize policy, SELinux won't let me
- From: Florin Andrei <florin andrei myip org>
- To: fedora-selinux-list redhat com
- Subject: Re: failed to customize policy, SELinux won't let me
- Date: Wed, 03 May 2006 14:30:04 -0700
On Wed, 2006-05-03 at 13:19 -0400, Stephen Smalley wrote:
> On Wed, 2006-05-03 at 10:05 -0700, Florin Andrei wrote:
> > [root stantz custom]# pwd
> > /etc/selinux/custom
> Actually, /usr/share/selinux is the standard location for modules to be
> placed before running semodule on them, but that isn't directly relevant
> to the denial you see below.
Not mentioned in the FAQ. ;-)
> > [root stantz custom]# tail -n 1 /var/log/messages
> > May 3 10:02:51 stantz kernel: audit(1146675771.487:308): avc: denied
> > { rename } for pid=3845 comm="semodule" name="active" dev=hda4
> > ino=2319743 scontext=user_u:system_r:semanage_t:s0
> > tcontext=user_u:object_r:selinux_config_t:s0 tclass=dir
>
> Yes, this has shown up before - it indicates that
> your /etc/selinux/targeted/modules tree has become mislabeled. Run
> restorecon -R on it. I think that this has been corrected already in
> updates?
Hmmm... This is a fresh install, I applied all updates, rebooted, let
anacron do all the jobs, did "touch /.autorelabel", rebooted again.
Anyway, I did a restorecon, then some more policy tweaks (Postfix was
still hitting various snags), and it worked.
Thanks!
--
Florin Andrei
http://florin.myip.org/
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]