Re: F7: SELinux feature or bug?

Jeroen Lankheet wrote:
Hi all,

I think I've been stupid or framed or both. I wanted to samba share a
USB disk on a F7 system but got an SELinux message saying that the
directory could not be shared, and that there was a command to get it
right (=wrong?).
So I typed in

chcon -t samba_share_t -R /

Yes, that's what was in the SElinux message thingie as suggestion. And
being a total SELinux nitwit I did what the almighty Linux system adviced.
So it took a while before getting "operation not permitted" on /dev/....
Then I cancelled the operation but the damage has apparently already
been made.
I retyped the command with the proper directory to share and now the
share worked.
But when I restarted the system all kinds of services were broken
including /dev/eth0.
The kernel could not find the eth0 device. The X configuration was gone
and all kinds of errors were smashed into my face.
So it looks like the SELinux (or me myself?) has scrambled my harddisk.
I cannot even login anymore. The system is completely dead.
Some 'simple' questions:
Why did this go wrong?
What actually did go wrong?
What to do next? Re-install? That would be a bummer.

Thanks for the help.

Regards,
Jeroen.

From man selinux:

The best way to relabel the file system is to create the flag
file /.autorelabel and reboot. system-config-securitylevel, also has
this capability. The restorcon/fixfiles commands are also available
for relabeling files.

As root, you will want to run something like: (This will reboot the
system when you enter the command, so make sure you are ready to
reboot!):

touch /.autorelabel ; reboot
or
touch /.autorelabel ; shutdown -r now

You could also just do the "touch /.autorelabel" and then reboot
using the GUI option to reboot the system.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: F7: SELinux feature or bug?
    ... that's what was in the SElinux message thingie as suggestion. ... I retyped the command with the proper directory to share and now the ... you will want to run something like: (This will reboot the ... This is the safest way to relabel since no processes are running when this happens. ...
    (Fedora)
  • Re: F7: SELinux feature or bug?
    ... that's what was in the SElinux message thingie as suggestion. ... I retyped the command with the proper directory to share and now the ... you will want to run something like: (This will reboot the ... This is the safest way to relabel since no processes are running when this happens. ...
    (Fedora)
  • Re: F7: SELinux feature or bug?
    ... that's what was in the SElinux message thingie as suggestion. ... I retyped the command with the proper directory to share and now the ... you will want to run something like: (This will reboot the ... This is the safest way to relabel since no processes are running when this happens. ...
    (Fedora)
  • Re: EWF/DUA help needed
    ... > Your script does not reboot the device because it likely fails on the EXECUTE command. ... I have changed the script file, ... it may not be good implementation of your script for the purpose of changing running app with EWF on. ... > With EWF command you just commit a registry change to move/replace the JP.exe file on next reboot. ...
    (microsoft.public.windowsxp.embedded)
  • RE: Configuring NIC Card
    ... reboot use the full path command and stick it in your /etc/rc.local file. ... If the reader of the message is not the intended recipient, ... We recently upgraded our network switch to a 10/100 Mbps switch. ...
    (RedHat)