more on selinux
olga at urbantimes.net
olga at urbantimes.net
Thu Dec 7 16:20:37 UTC 2006
> On Wed, 2006-12-06 at 16:41 -0600, olga at urbantimes.net wrote:
>> It seems that mysql and other services have problem (syslog won't start
>> either) because certain libraries won't load. Now I come up with this
>> message:
>>
>> Starting system logger: syslogd: error while loading shared libraries:
>> libc.so.6: cannot open shared object file: Permission denied
>>
>> I get similar libc.* errors for other services, including mysql.
>>
>> If seen posts with others having the same message, but they got rid of
>> it
>> by disabling selinux.
>>
>> Does anyone know how to solve this without disabling selinux?
>
> This suggests that your filesystem is not labeled correctly, e.g. if you
> disabled SELinux earlier and installed some updates (like glibc), then
> those files wouldn't have the necessary security labels. You can
> selectively relabel files or directories via restorecon,
> e.g. /sbin/restorecon -R /lib, but you may need to perform a full
> filesystem relabel to ensure complete coverage (touch /.autorelabel;
> reboot). If even that doesn't work, boot with "enforcing=0 single" on
> the kernel command line to come up in permissive mode (don't deny
> anything, just log) and in single-user mode, and then run "fixfiles
> relabel", then reboot.
>
> --
> Stephen Smalley
> National Security Agency
>
Thank you! That solved the libc* error messages, and now syslog is
working! However, it also relabeled my directories for virtual hosts and
now they are not working.
I've been using this command to set virtual hosts with selinux:
chcon -R system_u:object_r:httpd_sys_content_t /home/vhost1
Is this the correct way to do it?
Also mysql still doesn't want to start. Any suggestions here?
Olga
More information about the fedora-list
mailing list