[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Odd messages during bootup from gdm

Jim Cornette wrote:
Gene Heskett wrote:

I'll try it one more time, with it enabled. But it seems to me that if restorecon cannot access the config file, and here I'm ASSUMING that the config file in question is /etc/selinux/config, then I doubt seriously that restorecon can even begin to rectify the problems.

FWIW, here is an ls -lZa of /etc/selinux/config:
-rw-r--r-- root root system_u:object_r:file_t /etc/selinux/config

Is that anywhere near correct? Editing has always been done with vim, as root.

I would not edit a bunch of files in order to relabel.

1). Boot with selinux=0 into runlevel 1
2). run fixfiles relabel and answer yes to clear the /tmp directory
3). Reboot the computer after fixfiles relabel is completed.

This should relabel the system. (The law book for SELinux)
After the relabeling, SELinux being enabled (The law enforcement officer) should protect the system by the hopefully properly labeled system.

If this does not relabel your system properly, something is missing on your system related to SELinux policy or functionality.


I agree Jim, but at this stage, I've NDI what might be missing/munged. But lets start with the menu choices in system-config-security*, which doesn't allow some settings, hence the use of vim to set it. If that "thing" is supposed to be the "approved" tool to do that, then let it fully control selinux. What I have here is certainly crippled.

If this tool is supposed to be able to initiate a repairing relabel of the system, add an obvious way to do that to this utility and you'll cut the length of threads like this one down considerably. This is to me, a classic case of security through obscurity, where only the blessed guru's who wrote it are supposed to know all the incantations.


Cheers, Gene

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]