SELinux Attack!
Karl Larsen
k5di at zianet.com
Sat Oct 13 11:55:42 UTC 2007
Thomas Cameron wrote:
> On Fri, 2007-10-12 at 12:31 -0600, Karl Larsen wrote:
>
>> Thomas Cameron wrote:
>>
>>> On Fri, 2007-10-12 at 09:24 -0600, Karl Larsen wrote:
>>>
>>>
>>>
>>>> Yes the ONLY problem is that a F7 that was working just fine all by
>>>> itself found it can not locate cups. After 10 minutes it does find cups
>>>> but then it can't find sendmail for around 5 minutes. Then it comes up
>>>> very slow and when clear up into xwindows it still doesn't all work.
>>>> When it got to a point I could operate the SELinux control panels I
>>>> tried to turn SELinux off. To see what happens. Well just now looking at
>>>> dmesg the dam SELinux is not turned off! So what is the best way to make
>>>> sure this thing is turned off?
>>>>
>>>>
>>> Karl -
>>>
>>> What you are describing is almost surely a matter of your host not being
>>> able to resolve its own name. Nothing whatsoever to do with SELinux.
>>>
>>> Post the contents of your /etc/hosts and /etc/resolv.conf files.
>>>
>>> I'm betting good money that localhost does not resolve.
>>>
>>>
>>>
>> [karl at k5di ~]$ cat /etc/hosts
>> # Do not remove the following line, or various programs
>> # that require network functionality will fail.
>> 127.0.0.1 localhost.localdomain localhost
>> ::1 localhost6.localdomain6 localhost6
>> 192.168.0.1 dsl
>> [karl at k5di ~]$
>>
>> [karl at k5di ~]$ ping localhost
>> PING localhost.localdomain (127.0.0.1) 56(84) bytes of data.
>> 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64
>> time=0.060 ms
>> 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64
>> time=0.064 ms
>> 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64
>> time=0.066 ms
>> 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=4 ttl=64
>> time=0.060 ms
>> 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=5 ttl=64
>> time=0.065 ms
>>
>> --- localhost.localdomain ping statistics ---
>> 5 packets transmitted, 5 received, 0% packet loss, time 4000ms
>> rtt min/avg/max/mdev = 0.060/0.063/0.066/0.002 ms
>> [karl at k5di ~]$
>>
>> OK how much money were you going to send :-)
>>
>
> In this case, none. This is squarely your fault, nothing whatsoever to
> do with SELinux.
>
>
>> [karl at k5di ~]$ cat /etc/resolv.conf
>> ; generated by /sbin/dhclient-script
>> nameserver 216.234.192.92
>> nameserver 216.234.213.130
>> [karl at k5di ~]$
>> [karl at k5di ~]$
>>
>> It all looks fine to me.
>>
>
> And that is why you can't fix it. You don't understand it. With a
> little real information I (and I'm sure others on this list) see exactly
> what the issue was. I was close - I thought it was localhost not
> resolving. The answer is that your machine can't resolve its own name.
> "k5di" is not defined in /etc/hosts, and your DNS servers are public
> ones. What is your full hostname? k5di.xyz.com - what is the "xyz.com"
> part of your machine's name?
>
> 216.234.192.92 is ns1.zianet.com and 216.234.213.130 is ns2.zianet.com.
> They don't know anything about k5di.
>
> Change the line in /etc/hosts that looks like this:
>
> 127.0.0.1 localhost.localdomain localhost
>
> to this:
>
> 127.0.0.1 localhost.localdomain localhost k5di k5di.xyz.com
>
> Obviously, cahnge xyz.com to your domain name. Once you do that I
> imagine your services will start in a timely manner.
>
> SELinux is not involved. Please, until you understand of what you
> speak, keep quiet.
>
You are hunting ghosts. When I set up the network I changed the
system host name to k5di.com and it has been that for months. Years
before that on FC4.
Yesterday I changed nothing but turning off SELinux and the problems
have all disappeared.
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
More information about the fedora-list
mailing list