[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: setsebool sandbox error on FC6

From: Stephen Smalley <sds tycho nsa gov>
To: "Arthur M. Kang" <arthur levelogic com>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: setsebool sandbox error on FC6
Date: Thu, 02 Nov 2006 08:25:01 -0500

(please disable html mail at least when posting to public lists)

On Thu, 2006-11-02 at 03:02 -0800, Arthur M. Kang wrote:
> On a fresh install of FC6, I'm getting errors when trying to use the
> setsebool command.
> 
> # setsebool httpd_disable_trans 1
> libsemanage.semanage_commit_sandbox: Error while
> renaming /etc/selinux/targeted/modules/active
> to /etc/selinux/targeted/modules/previous.
> Could not change policy booleans

This usually means that there is a labeling problem with /etc/selinux.
Run /sbin/restorecon -R /etc/selinux/targeted/modules.  Then try again.
Check for audit messages in /var/log/messages
or /var/log/audit/audit.log (the latter if running auditd).
  
> Has anyone else experienced similar problems?  Is there a problem on
> my end?  Is there a fix?
> 
> Although the error message is generated, the boolean does get set.
> However, the -P switch doesn't work and the boolean won't stick across
> reboots.
> 
> Is there an alternate method to remotely configure booleans that stick
> across reboots?
> 
> Any help is appreciated.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: setsebool sandbox error on FC6
  - From: Daniel J Walsh

References:
- setsebool sandbox error on FC6
  - From: Arthur M. Kang

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]