SELinux Attack!

Tim ignored_mailbox at yahoo.com.au
Fri Oct 12 16:05:34 UTC 2007


Karl Larsen had a PANIC ATTACK about SELinux:
> This morning I started the computer and it stopped for 10 minutes 
> because it could not find cups. It talked about applying iptables but 
> had "never matched protocol" and when it finally came up Thunderbird was 
> broken.

This sounds more like a general networking problem, particularly to do
with name resolution.  Starting CUPS needs name resolution to work, so
does X, and many applications that'll use X, and particularly a mail
client.

The iptables message sounds like something I see at every boot related
to IPv6, which I don't expect to work because my router, and I think my
ISP, don't support it.  I can trigger the same error message like this:

# service ip6tables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading ip6tables modules:                               [  OK  ]
Applying ip6tables firewall rules: Warning: never matched protocol: 51. use extension match instead.
                                                           [  OK  ]

I will, fairly confidently, say that this is unimportant for most
people.

For your issue I strongly suspect that you need to check whether your
machine name resolves.  Look into your hosts file, your resolv.conf
file, and the addresses applied to your network interfaces.

>     I turned off SELinux but it is still fucking up my F7. It took an 
> hour before Thunderbird started working!
> 
>     I am still a long way out of the woods. If anyone has an idea on how 
> to delete SELinux from your computer I want to know about it. Also how 
> do I save my computer from the damage already done?
> 
>     I turned SELinux onto the Passive mode to try my hand at making a F8 
> CD. One of my larger errors :-)

I think you're chasing a red herring.  Anyway, you cannot remove
SELinux, there was a long thread about this not long ago.  You can put
it into permissive mode, where it's *supposed* to not stop anything,
just log it.  Or you can put it into disabled mode.

-- 
(This box runs FC7, my others run FC4, FC5 & FC6, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
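
The check recommended in the message above (does the machine name resolve from the hosts file, or only through a name server), as an added example that is not part of the original message. The host name f7box, the sample file contents and the function names are constructed for illustration, and the default "files dns" lookup order is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are parameters,
# so the checks can be run on copies; a default "files dns" lookup order
# in nsswitch.conf is assumed.

# Print every address that HOSTS_FILE maps NAME to; status 1 if none.
name_in_hosts() {   # usage: name_in_hosts NAME HOSTS_FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }                      # drop comments
        { for (i = 2; i <= NF; i++)             # field 1 is the address
              if (tolower($i) == tolower(name)) { print $1; found = 1 } }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Print the number of usable "nameserver" lines in RESOLV_CONF.
count_nameservers() {   # usage: count_nameservers RESOLV_CONF
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { n++ }
         END { print n + 0 }' "$1"
}

# Classify how NAME would be resolved:
#   hosts        - answered locally from the hosts file
#   dns-only     - depends on a name server being reachable
#   unresolvable - no hosts entry and no name server configured
classify() {   # usage: classify NAME HOSTS_FILE RESOLV_CONF
    if name_in_hosts "$1" "$2" >/dev/null; then
        echo hosts
    elif [ "$(count_nameservers "$3")" -gt 0 ]; then
        echo dns-only
    else
        echo unresolvable
    fi
}

# Constructed sample files (hypothetical host name "f7box").
tmp=$(mktemp -d)
printf '127.0.0.1 localhost.localdomain localhost\n' > "$tmp/hosts.bad"
printf '127.0.0.1 localhost\n192.168.1.10 f7box.example.lan f7box # lan\n' > "$tmp/hosts.good"
printf '# set by dhclient\nnameserver 192.168.1.1\n' > "$tmp/resolv.conf"
: > "$tmp/resolv.empty"

classify f7box "$tmp/hosts.good" "$tmp/resolv.conf"    # hosts
classify f7box "$tmp/hosts.bad"  "$tmp/resolv.conf"    # dns-only
classify f7box "$tmp/hosts.bad"  "$tmp/resolv.empty"   # unresolvable
```

On a live system the same functions can be pointed at /etc/hosts and /etc/resolv.conf with the output of `hostname` as the name.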




