Fwd: [MLS Policy]:- MLS policy problem when manully restart the servers .

["prakash hallalli" <prakashkhallalli gmail com>]

Hi 
I have followed the same steps what you are given the information to change the libc.so.6 file label. Now user will be able to login to the system it not showing any error message while login time. But still i am not able do system restart services. Now it showing error message is  unrecognized service.

I have received the following error messages.

[root turtle11 ~]# sestatus

SELinux status:                  enabled
SELinuxfs mount:                /selinux

Current mode:                     permissive

Mode from config file:          enforcing
Policy version:                    21

Policy from config file:         mls

[root turtle11 ~]# service nfs restart

Shutting down NFS mountd:                                   [  OK  ]
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS quotas:                                    [ OK  ]
Shutting down NFS services:                                  [  OK  ]

Starting NFS services:                                           [  OK  ]
Starting NFS quotas:                                              [  OK  ]
Starting NFS daemon:                                            [  OK  ]
Starting NFS mountd:                                             [  OK  ]

[root turtle11 ~]# setenforce 1

[root turtle11 ~]# sestatus
SELinux status:                   enabled
SELinuxfs mount:                 /selinux
Current mode:                      enforcing
Mode from config file:           enforcing
Policy version:                     21
Policy from config file:          mls

[root turtle11 ~]# service nfs restart

nfs: unrecognized service

[root turtle11 ~]# service ldap restart
ldap: unrecognized service

[root turtle11 ~]# service samba restart
samba: unrecognized service

[root turtle11 ~]# service named restart
named: unrecognized service
[root turtle11 ~]#

Please help me, what should i do.

Thanks,
prakash

 

On Tue, Jun 10, 2008 at 5:37 PM, Stephen Smalley <sds tycho nsa gov> wrote:

On Tue, 2008-06-10 at 17:14 +0530, prakash hallalli wrote:
> Hi All
>
> I have configured SELinux on ContOS 5.1. I have configured the RBAC
> using MLS (Multilevel Security) Policy.
> Now i am trying to restart the system services and they are not
> restarting and it is throwing some error message.
> I have a question here, with mls policy enabled will i be able to
> restart the system service? If yes then what to do and If no what is
> the reason?
>
> Steps to reproduce:
>
> 1) MLS Policy configuration.
>
> 1. Install selinux-policy-mls
> 2. Set SELINUXTYPE=MLS in /etc/selinux/config file
> 3. touch ./autorelabel; on root's home directory, and reboot the
> machine.
> 4. While machine is rebooting, change the GRUB parameter.
> enforcing=0
>
> 2) Now system is in permissive mode and SELinux status is as follows.
>
> # sestatus
> SELinux status:                 enabled
> SELinuxfs mount:               /selinux
> Current mode:                    permissive
> Mode from config file:        enforcing
> Policy version:                  21
> policy from config file:        mls
>
> 3) Restart the system services and they restart successfully.
>
> [root turtle11 ~]# service nfs restart
> Shutting down NFS mountd:                                   [FAILED]
> Shutting down NFS daemon:                                  [FAILED]
> Shutting down NFS quotas:                                    [FAILED]
> Shutting down NFS services:                                  [FAILED]
> Starting NFS services:                                           [
> OK  ]
> Starting NFS quotas:                                             [
> OK  ]
> Starting NFS daemon:                                           [
> OK  ]
> Starting NFS mountd:                                            [
> OK  ]
>
> 4) Now i am setting enforcing mode using setenforce command.
>
> root turtle11 ~]#setenforce 1
> root turtle11 ~]# sestatus
> SELinux status:             enabled
> SELinuxfs mount:          /selinux
> Current mode:               enforcing
> Mode from config file:    enforcing
> Policy version:              21
> Policy from config file:   mls
>
> 5) a) Now system is in enforcing mode and i am trying to restart the
> system service. The restart will result in error message.
>
> root turtle11 ~]#service nfs restart
> /sbin/consoletype: error while loading shared libraries: libc.so.6:
> cannot open shared object  file: No such file or directory
> /sbin/consoletype: error while loading shared libraries: libc.so.6:
> cannot open shared object file: No such file or directory

This suggests that libc.so.6 has the wrong label.  In older versions of
the policy, this was a difference between targeted and strict/mls
policies.  Boot in single-user mode and run fixfiles -F relabel.

> nfs: unrecognized service
>
> b) When I trying to login it will show the following error.
>
> turtle login: smbldap3
> /bin/login:error while loading shared libraries: libcrypt.so.1:failed
> to map segment from shared object: Permission denied
> /sbin/mingetty: error while loading shared libraries: libc.so.6:
> failed to map segment from shared object: Permission denied
>
> c) When using su command.
>
> root turtle11 ~]# su smbldap3
> su: error while loading shared libraries: libpam.so.0: failed to map
> segment from shared object: Permission denied
>
> I am not sure what is going on. I referred to many websites and PDFs
> but couldn't get the proper solution.
>
> please help me.
>
> Thanks
> Prakash.
>
>

> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen Smalley
National Security Agency