Hi David,
Do hope I indeed was helpful.
Yes you were very helpful. I didn't know how to check SElinux labels. I am quite confused about how it works. I have downloaded the manual which comes with RHEL 4 to read about it. I've set it to permissive mode as suggested by Stephen Smalley and would have a look at the logs later. I'll definitely enable it again after getting a good understanding of its security model.
The end of Stephen Smalley's response I would spend some time on (might well explain the hotplug thing).
I know that tmpfs is a Virtual filesystem managed by the kernel. My kernel has been updated but I don't know whether this may have been the cause of this avc denied and preventing my system from booting. Then would a touch ./autorelabel relabel it? Kernel version could also be the problem since it manages tmpfs. I don't know yet how to check the policy version applied to my system.
Apparently other users of FC have also noted this avc hotplug denied. You mentioned "scaling_governor:userspace for hotplug. Is that what I should get for hotplug label?
Have you used fixfiles or touch /.autorelabel to relabel the entire filesystem? I am thinking whether the new compilation and installation of tcp_wrappers and openssh can cause problems with the SElinux security policy applied to the versions integrated with FC4?
You might also consider doing an update.
Good hunting!
Yes indeed, there are lots to learn about SElinux security model.
Tod
Rgds
David
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list