SELinux Attack!

[Karl Larsen]

    I have learned a lot about SELinux in the past week. It turns out 
the simple fix is to just turn it off. But it is possible I have learned 
to live with SELinux turned full on and what to do if there is trouble.

    This all started when I had to turn on SELinux to use a device, so I 
did and there was no problem. So I left it turned on. Then one morning I 
turned on my computer and instead of booting clear up in just one 
minute, it stopped when init tried to turn on "cups". It stayed there 
for 10 minutes! My thoughts were, how did I screw up the file system so 
bad? So turned off the boot and booted up in the rescue mode from a CD, 
and did #fsck /dev/sdb5 and it said there is nothing wrong.

    So booted up again and took a long walk. When I got back it had 
booted clear up but not everything worked. Here now is where I panicked 
because it was up but not well, and I knew nothing to do to fix my 
computer, and could not even send an email. So I left it "up" and went 
shopping for about 90 minutes. When I got home it seemed to be working 
fine and even Thunderbird was working.

    I wrote to this list and learned that this will correct a selinux 
label problem:

/.autorelabel and then reboot

This is in man selinux so when next it takes hours to boot up you can 
relabel your computer and be back in business, I did this and things 
went back to normal.

    So now that I know what to do the next time we get a selinux 
upgrade. I checked and sure enough when I turned on selinux the next day 
there was an update. So right now I will set up to use SELinux in it's 
safest mode and continue to use it unless it becomes a purple plague.

 


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.