Re: Odd messages during bootup from gdm

Tony Nelson wrote:
At 10:44 PM -0500 5/4/06, Gene Heskett wrote:
Tony Nelson wrote:

So what actually is the magic incantation that will make this work?

touch /.autorelabel
reboot
edit grub command line, appending "enforcing=0"
continue booting
wait

SELinux must be active but not enforcing for it to relabel.

Ah, that might explain some of it, I thought it had to be disabled.

I've now done an init 1, and invoked that command, which did take a
while, 10 minutes or so.
Then I re-enabled selinux and rebooted. Got huge amount of those
warnings, 2-3 times more than before. And I spotted this near the end
of the dmesg:
May 4 02:49:09 diablo kernel: md: Autodetecting RAID arrays.
May 4 02:49:09 diablo kernel: md: autorun ...
May 4 02:49:10 diablo kernel: md: ... autorun DONE.

audit(1146799877.012:325): avc: denied { read } for pid=2528
comm="restorecon" name="config" dev=hda5 ino=12898524
scontext=root:system_r:re
storecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file

So I tried, in runlevel 3, restorecon -n /, and got this:
audit(1146799877.012:325): avc: denied { read } for pid=2528
comm="restorecon" name="config" dev=hda5 ino=12898524
scontext=root:system_r:re
storecon_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file

So whats wrong, and how did I arrive at this condition?

In permissive mode, AVC denials will still be logged, but they have no force.
Ahh, now the bulb brightens a bit. I thought it strange that I was getting 20-30k of squawks in the log, but everything appeared to be working.

That find command is running, but so far its only spit out the /.bash_history and /.viminfo files, and it's now done.

Thanks for the patience, I appreciate it.

Thanks.
____________________________________________________________________
TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
' <http://www.georgeanelson.com/>



--
Cheers, Gene


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: F7: SELinux feature or bug?
    ... that's what was in the SElinux message thingie as suggestion. ... I retyped the command with the proper directory to share and now the ... you will want to run something like: (This will reboot the ... This is the safest way to relabel since no processes are running when this happens. ...
    (Fedora)
  • Re: F7: SELinux feature or bug?
    ... that's what was in the SElinux message thingie as suggestion. ... I retyped the command with the proper directory to share and now the ... you will want to run something like: (This will reboot the ... This is the safest way to relabel since no processes are running when this happens. ...
    (Fedora)
  • Re: F7: SELinux feature or bug?
    ... that's what was in the SElinux message thingie as suggestion. ... I retyped the command with the proper directory to share and now the ... you will want to run something like: (This will reboot the ... This is the safest way to relabel since no processes are running when this happens. ...
    (Fedora)
  • Re: Odd messages during bootup from gdm
    ... Set SELinux to permissive mode, reboot, and in the grub menu add ... SELinux must be active but not enforcing for it to relabel. ...
    (Fedora)
  • Re: Odd messages during bootup from gdm
    ... edit grub command line, appending "enforcing=0" ... SELinux must be active but not enforcing for it to relabel. ...
    (Fedora)