Jim Cornette wrote:
Gene Heskett wrote:
I'll try it one more time, with it enabled. But it seems to me that
if restorecon cannot access the config file, and here I'm ASSUMING
that the config file in question is /etc/selinux/config, then I doubt
seriously that restorecon can even begin to rectify the problems.
FWIW, here is an ls -lZa of /etc/selinux/config:
-rw-r--r-- root root system_u:object_r:file_t
/etc/selinux/config
Is that anywhere near correct? Editing has always been done with
vim, as root.
I would not edit a bunch of files in order to relabel.
1). Boot with selinux=0 into runlevel 1
2). run fixfiles relabel and answer yes to clear the /tmp directory
3). Reboot the computer after fixfiles relabel is completed.
This should relabel the system. (The law book for SELinux)
After the relabeling, SELinux being enabled (The law enforcement
officer) should protect the system by the hopefully properly labeled
system.
If this does not relabel your system properly, something is missing on
your system related to SELinux policy or functionality.
Jim
I agree Jim, but at this stage, I've NDI what might be missing/munged.
But lets start with the menu choices in system-config-security*, which
doesn't allow some settings, hence the use of vim to set it. If that
"thing" is supposed to be the "approved" tool to do that, then let it
fully control selinux. What I have here is certainly crippled.
If this tool is supposed to be able to initiate a repairing relabel of
the system, add an obvious way to do that to this utility and you'll cut
the length of threads like this one down considerably.
This is to me, a classic case of security through obscurity, where only
the blessed guru's who wrote it are supposed to know all the incantations.
Thanks.
--
Cheers, Gene
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
