Re: fc14 upgrade fails, system now in partially-upgraded state...

Hi,

Now, I have a problem with selinux that I can't figure out. It boots
properly in enforcing mode, but won't let anyone login:

[   25.346263] SELinux:  Context system_u:unconfined_r:kernel_t:s0
would be invalid if enforcing

Booting with enforcing=0 enables root to login. How can I fix this?

First step is to try relabelling.
Something is reall screwed up.  I would do

# yum reinstall selinux-policy-targeted
# touch /.autorelabel; reboot

I should have mentioned that I did relabel and it didn't make any difference.

I did find this post:

https://bugzilla.redhat.com/show_bug.cgi?id=443569

and it mentioned running "semanage login -m -s unconfined_u
__default__". This enabled me to login once again, but there are now
other errors:

[ 9.718499] type=1400 audit(1299611791.043:3): avc: denied {
mmap_zero } for pid=670 comm="vbetool"
scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tclass=memprotect
[ 14.847056] type=1400 audit(1299611796.172:4): avc: denied {
write } for pid=839 comm="system-setup-ke"
name="00-system-setup-keyboard.conf" dev=sda1 ino=3414111
scontext=system_u:system_r:keyboardd_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file

Suggestions for correcting these errors?

There was also this error that occurred after just installing munin:

Mar 8 14:42:30 gary setroubleshoot: SELinux is preventing
/usr/sbin/httpd from search access on the directory /etc/munin. For
complete SELinux messages. run sealert -l
7cfb6635-60f5-4f85-9e93-081af231b418

Should that have happened?

Thanks,
Alex
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Relevant Pages

  • Re: SELinux Understanding
    ... impossible to know if the relabelling has resolved a genuine ... Well I disabled SELinux some weeks ago for some reason or other. ... too clued up on SELinux, but it was running in enforcing mode, then I ... I found that re-enabling SELinux in enforcing mode, ...
    (Fedora)
  • Re: SELinux Understanding
    ... impossible to know if the relabelling has resolved a genuine ... Well I disabled SELinux some weeks ago for some reason or other. ... I'm not too clued up on SELinux, but it was running in enforcing mode, then I disabled it, and rebooted. ... I found that re-enabling SELinux in enforcing mode, then rebooting, resulted in the relabelling stuff being done. ...
    (Fedora)
  • Re: SELinux Understanding
    ... impossible to know if the relabelling has resolved a genuine ... If you have run with selinux disabled, when you reenable it you are going ... that re-enabling SELinux doesn't automagically run the relabelling process ... enforcing mode on Fedora 7, then rebooted, it did run the relabelling process ...
    (Fedora)
  • Re: fc14 upgrade fails, system now in partially-upgraded state...
    ... I have a problem with selinux that I can't figure out. ... properly in enforcing mode, ... Booting with enforcing=0 enables root to login. ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ ...
    (Fedora)
  • Re: SELinux Understanding
    ... re-enabling SELinux, in either permissive, or enforcing mode ... impossible to know if the relabelling has resolved a genuine ... If you have run with selinux disabled, when you reenable it you are going ... re-enabling SELinux doesn't automagically run the relabelling process as ...
    (Fedora)