[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux Attack!



On Sat, 2007-10-13 at 06:41 -0600, Karl Larsen wrote:
> Vinayak Mahadevan wrote:
> > On 10/13/07, Karl Larsen <k5di zianet com> wrote:
> >   
> >>>       
> >>     I have had all those problems in the past years. But this problem
> >> yesterday was in fact caused by SELinux. I say that because different
> >> from your experience when I turned off SELinux all the problems went away.
> >>     
> >
> > let the machine  run for some days and then let us know your
> > experience with the machine.
> >
> > Vinayak
> >
> >   
>     So far so good. But I would like to know why SELinux did this. And 
> what do I need to do to to make SELinux work on this machine? There seem 
> to be others that use it and it works without a problem.

Karl-

As I recall, you said earlier in the thread that you had disabled
SELinux for a while when you were experimenting with spinning a custom
distribution.  

SELinux checks the contexts of files (their SELinux security
information) to see if programs are violating their restrictions, but it
also updates the contexts when files are created and updated.  If you
turn SELinux off, file contexts stop getting updated.  When you turn it
back on, the files may suddenly not have contexts that allow their
applications to access them.  You'll see the things going wrong
in /var/log/messages (grep for AVC and look for "denied" messages) or
you'll get that star icon in your notification area when a program.  And
of course, the programs that use incorrectly labeled files will not
work.

You also said at some point that you followed instructions to relabel
your filesystem and things started to work.  That is exactly the
solution to the problems introduced by turning SELinux off.  So if you
turn SELinux back on and relabel one more time, you should be OK after
that (as long as you leave SELinux on).

Most people don't see (too many) SELinux problems because most people
don't ever turn it off.  So it maintains itself.

> 
> 
> 
-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]