[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux Attack!

Hash: SHA1

Chris wrote:
> On Sun, 14 Oct 2007 11:24:59 -0600
> Karl Larsen <k5di zianet com> wrote:
>>     I have learned a lot about SELinux in the past week. It turns out 
>> the simple fix is to just turn it off. But it is possible I have
>> learned to live with SELinux turned full on and what to do if there
>> is trouble.
>>     This all started when I had to turn on SELinux to use a device,
>> so I did and there was no problem. So I left it turned on. Then one
>> morning I turned on my computer and instead of booting clear up in
>> just one minute, it stopped when init tried to turn on "cups". It
>> stayed there for 10 minutes! My thoughts were, how did I screw up the
>> file system so bad? So turned off the boot and booted up in the
>> rescue mode from a CD, and did #fsck /dev/sdb5 and it said there is
>> nothing wrong.
> I too had SELinux issues. Mine were of my own doing though. I soon
> found out the easies way to get my box to boot was as Karl mentioned,
> boot from the CD and rescue it. 
> I mounted the drive (as suggested) but simply edited
> the /etc/selinux/config file with a simple
> SELINUX=disabled
> Bingo - that solved that, rebooted and all was good. What I did next
> was simply tar up the /selinux directory from my lappy and then applied
> the tarball to my desktop.
> Went back into SELinux and had it enabled and set it to relabel on next
> boot-up.
> All seems fine after a week. Not sure how I mucked mine up, but I did
> and this is what I did to correct my fat-fingering.
A much easier way would have been

boot the kernel and add to boot line

enforcing=0 autorelabel

This should put the machine in permissive mode and force a relabel.
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]