SELinux is screwing me up!!!! Help!
James Wilkinson
fedora at westexe.demon.co.uk
Sun Dec 18 21:41:01 UTC 2005
Daniel B. Thurman wrote:
> I believe all of my problems started because I had backup
> and restored my filesystem and and *somehow* all or some
> of the selinux attributes may have been messed up. Reading
> the selinux manual, it says that you can rebuild it by touching
> a file: /.autorelabel and reboot. I did that, and I still have
> the same problem as before - nothing has changed. I checked some
> of the file-permissions such as /bin/su and note that they are
> correct and other files and directory - so at first mini-check it
> all appears to be correct. The restore appears correct throughout
> on precursory checks.
>
> The following are problem I am having....
Calm down...
You haven't yet proved that it is SELinux. Temporarily add selinux=0 to
your kernel command line.
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825880
You do this through grub: when you're booting and grub displays it's
"choose a kernel" screen, press "e". Choose the line that starts with
"kernel", and type "e" to edit this line. At the end, add
selinux=0
(making sure that there's a space between that and whatever came
before).
Press Enter and "b" to boot the system. Now SELinux is disabled (this
once). Anything that still remains can't be SELinux's fault.
> 1) I cannot login as a non-root user! I have 4 non-root user accounts
> and yet I cannot log into any of them except as root!
>
> I get the following message when attempting to log in:
>
> ==========================================
> Your session lasted less than 10 seconds. If you have not
> logged out yourself, this could mean that there is some
> installation problem or that you may be out of diskspace.
> Try logging in with one of the failsafe sessions to see if
> you can fix this problem.
>
> [] View details (~/.xsession-errors file)
> ==========================================
>
> then I get kicked out of the login session.
I assume that you have, in fact, checked for disk space: try the command
line
df -m
Try pressing Ctrl-Alt-F1 to get to a text-mode screen, and log in there
as a non-root user.
Try running
tune2fs -l /dev/sdb1 | grep features
where sbd1 is your new filesystem: it may be that you haven't enabled
enough for SELinux.
A mounted Fedora filesystem returns
Filesystem features: has_journal ext_attr resize_inode dir_index
filetype needs_recovery sparse_super large_file
You should worry if it hasn't got an "ext_attr".
You may find that tune2fs -O will let you add this: make sure you've got
good backups, though. You may then need to run e2fsck. You shouldn't do
this on a mounted filesystem.
Hope this helps,
James.
--
E-mail address: james | A woodpigeon would, If a woodpigeon could,
@westexe.demon.co.uk | But a woodpigeon can't, So it won't.
| A woodpigeon could, If a woodpigeon would,
| But a woodpigeon doesn't want to. So it doesn't.
More information about the fedora-list
mailing list