SELinux Reset
Peter Joseph
peterjb at mtaonline.net
Mon Aug 10 19:10:23 UTC 2009
Peter Joseph wrote:
>
>>While experimenting with SELinux, I finally managed to lock myself out of
the system. The only way to get back in, I had >to add "selinux=0" to the
end of the kernel line.
>>Now, if I run in a permissive mode the following message appears when I
try to log in:
>
>>"Could not connect to session bus: An SELinux policy prevents this sender
from sending this message to this recipient >(rejected message had sender
"(unset)" interface "org.freedesktop.DBus" member "Hello" error name
"(unset)" destination >"org.freedesktop.DBus)."
>
>>I am forced to go back to the grub prompt and disable SELinux again, in
order to get in. What is the best way to reset >SEL to its original state?
>
Problem solved.
Appending selinux=0 to the end of the kernel line enabled me to get back
into the system, however, I found no way of working with SELinux on account
of it being disabled.
Appending unconfined_login = 1 instead, brought me to a root prompt with
SELinux enabled.
Used the following to check and restore:
# getsebool unconfined_login
unconfined_login --> off
# setsebool -P unconfined_login=1
# getsebool unconfined_login
unconfined_login --> on
# poweroff
One thing though, the "unconfined_login = 1" added to the kernel line has to
contain a space before and after the equal sign.
--
View this message in context: http://www.nabble.com/SELinux-Reset-tp24855587p24905702.html
Sent from the Fedora SELinux List mailing list archive at Nabble.com.
More information about the fedora-selinux-list
mailing list