SELinux is screwing me up!!!! Help!

James Wilkinson fedora at westexe.demon.co.uk
Sun Dec 18 21:41:01 UTC 2005


Daniel B. Thurman wrote:
> I believe all of my problems started because I had backup
> and restored my filesystem and and *somehow* all or some
> of the selinux attributes may have been messed up.  Reading
> the selinux manual, it says that you can rebuild it by touching
> a file: /.autorelabel and reboot.  I did that, and I still have
> the same problem as before - nothing has changed.  I checked some
> of the file-permissions such as /bin/su and note that they are
> correct and other files and directory - so at first mini-check it
> all appears to be correct. The restore appears correct throughout
> on precursory checks.
> 
> The following are problem I am having....

Calm down...

You haven't yet proved that it is SELinux. Temporarily add selinux=0 to
your kernel command line.
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825880

You do this through grub: when you're booting and grub displays it's
"choose a kernel" screen, press "e". Choose the line that starts with
"kernel", and type "e" to edit this line. At the end, add
 selinux=0
(making sure that there's a space between that and whatever came
before).

Press Enter and "b" to boot the system. Now SELinux is disabled (this
once). Anything that still remains can't be SELinux's fault.

> 1) I cannot login as a non-root user!  I have 4 non-root user accounts
> and yet I cannot log into any of them except as root!
> 
> I get the following message when attempting to log in:
> 
>  ==========================================
>  Your session lasted less than 10 seconds. If you have not
>  logged out yourself, this could mean that there is some
>  installation problem or that you may be out of diskspace.
>  Try logging in with one of the failsafe sessions to see if
>  you can fix this problem.
> 
>  [] View details (~/.xsession-errors file)
>  ==========================================
> 
> then I get kicked out of the login session.

I assume that you have, in fact, checked for disk space: try the command
line
df -m

Try pressing Ctrl-Alt-F1 to get to a text-mode screen, and log in there
as a non-root user.

Try running
tune2fs -l /dev/sdb1 | grep features
where sbd1 is your new filesystem: it may be that you haven't enabled
enough for SELinux.

A mounted Fedora filesystem returns
Filesystem features:      has_journal ext_attr resize_inode dir_index
filetype needs_recovery sparse_super large_file
You should worry if it hasn't got an "ext_attr".

You may find that tune2fs -O will let you add this: make sure you've got
good backups, though. You may then need to run e2fsck. You shouldn't do
this on a mounted filesystem.

Hope this helps,

James.

-- 
E-mail address: james | A woodpigeon would, If a woodpigeon could,
@westexe.demon.co.uk  | But a woodpigeon can't, So it won't.
                      | A woodpigeon could, If a woodpigeon would,
                      | But a woodpigeon doesn't want to. So it doesn't.




More information about the fedora-list mailing list