Re: Odd messages during bootup from gdm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jim Cornette wrote:
Gene Heskett wrote:

I'll try it one more time, with it enabled. But it seems to me that if restorecon cannot access the config file, and here I'm ASSUMING that the config file in question is /etc/selinux/config, then I doubt seriously that restorecon can even begin to rectify the problems.

FWIW, here is an ls -lZa of /etc/selinux/config:
-rw-r--r-- root root system_u:object_r:file_t /etc/selinux/config

Is that anywhere near correct? Editing has always been done with vim, as root.


I would not edit a bunch of files in order to relabel.

1). Boot with selinux=0 into runlevel 1
2). run fixfiles relabel and answer yes to clear the /tmp directory
3). Reboot the computer after fixfiles relabel is completed.


This should relabel the system. (The law book for SELinux)
After the relabeling, SELinux being enabled (The law enforcement officer) should protect the system by the hopefully properly labeled system.

If this does not relabel your system properly, something is missing on your system related to SELinux policy or functionality.

Jim

I agree Jim, but at this stage, I've NDI what might be missing/munged. But lets start with the menu choices in system-config-security*, which doesn't allow some settings, hence the use of vim to set it. If that "thing" is supposed to be the "approved" tool to do that, then let it fully control selinux. What I have here is certainly crippled.

If this tool is supposed to be able to initiate a repairing relabel of the system, add an obvious way to do that to this utility and you'll cut the length of threads like this one down considerably. This is to me, a classic case of security through obscurity, where only the blessed guru's who wrote it are supposed to know all the incantations.

Thanks.

--
Cheers, Gene


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux