Rename to policy.16 and now I got bigger problems

yonas abraham yonasb at netzero.com
Mon Apr 5 22:39:45 UTC 2004 

probably you need to relabel the files after you change the policy. i.e

rename policy to policy.16
relabel
reboot.

--yonas

jim tate wrote:

> Rename /etc/security/selinux/policy. to policy.16 and went into 
> /etc/sysconfig/selinux
> and set SELINUX=enforcing and reboot computer and bootup hungup and 
> gave me
> all kinds of error messages,see below.
> and I changed back to SELINUX=permissive and still got error messages, 
> but I could
> at least I could get to user login window I now have SELINUX=disable 
> but I couldn't login as mickey user, had to login as root desktop 
> only. Got error message when trying to login user:
> ERROR Unable to set executable context.
>
> Thanks
> Jim Tate
>
> pr 5 16:27:23 mickeyboy kernel: audit(1081200443.557:0): avc: denied { 
> getattr } for pid=2247 exe=/usr/sbin/utempter path=/etc/passwd 
> dev=hda2 ino=3181518 scontext=root:sysadm_r:utempter_t 
> tcontext=system_u:object_r:file_t tclass=file
>
> Apr  5 16:27:23 mickeyboy kernel: audit(1081200443.558:0): avc:  
> denied  { read write } for  pid=2247 exe=/usr/sbin/utempter name=utmp 
> dev=hda2 ino=3883013 scontext=root:sysadm_r:utempter_t 
> tcontext=system_u:object_r:var_run_t tclass=file
> Apr  5 16:27:23 mickeyboy kernel: audit(1081200443.558:0): avc:  
> denied  { lock } for  pid=2247 exe=/usr/sbin/utempter 
> path=/var/run/utmp dev=hda2 ino=3883013 
> scontext=root:sysadm_r:utempter_t tcontext=system_u:object_r:var_run_t 
> tclass=file
> Apr  5 16:27:23 mickeyboy gconfd (root-2249): starting (version 
> 2.6.0), pid 2249 user 'root'
> Apr  5 16:27:23 mickeyboy gconfd (root-2249): Resolved address 
> "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only config 
> source at position 0
> Apr  5 16:27:23 mickeyboy gconfd (root-2249): Resolved address 
> "xml:readwrite:/root/.gconf" to a writable config source at position 1
> Apr  5 16:27:23 mickeyboy gconfd (root-2249): Resolved address 
> "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only config 
> source at position 2
> Apr  5 16:27:25 mickeyboy kernel: audit(1081200445.809:0): avc:  
> denied  { unix_read unix_write } for  pid=1987 
> exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:kernel_t 
> tcontext=root:sysadm_r:sysadm_t tclass=shm
> Apr  5 16:27:25 mickeyboy kernel: audit(1081200445.809:0): avc:  
> denied  { read write } for  pid=1987 exe=/usr/X11R6/bin/XFree86 key=0 
> scontext=system_u:system_r:kernel_t tcontext=root:sysadm_r:sysadm_t 
> tclass=shm
> Apr  5 16:27:25 mickeyboy kernel: audit(1081200445.809:0): avc:  
> denied  { use } for  pid=1987 path=/SYSV00000000 (deleted) dev= 
> ino=196608 scontext=system_u:system_r:kernel_t 
> tcontext=root:sysadm_r:sysadm_t tclass=fd
> Apr  5 16:27:25 mickeyboy kernel: audit(1081200445.809:0): avc:  
> denied  { getattr associate } for  pid=1987 exe=/usr/X11R6/bin/XFree86 
> key=0 scontext=system_u:system_r:kernel_t 
> tcontext=root:sysadm_r:sysadm_t tclass=shm
> Apr  5 16:29:05 mickeyboy kernel: audit(1081200545.650:0): avc:  denied
>
>
>

More information about the fedora-test-list mailing list