On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote:
> It shouldn't cause any trouble if you set to permissive mode. Can you
> explain what problems you are having?
I've just recently deleted a bunch of its incomprehensible
reportage from the machine I'm on at the moment; this has come in since
(with my apologies for what c&p does to the formatting) :
SummarySELinux is preventing semodule (semanage_t) "getattr" to /
(fs_t).Detailed DescriptionSELinux denied access requested by semodule.
It is not expected that this access is required by semodule and this
access may signal an intrusion attempt. It is also possible that the
specific version or configuration of the application is causing it to
require additional access.Allowing AccessYou can generate a local policy
module to allow this access - see FAQ Or you can disable SELinux
protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report against this package.Additional
InformationSource Context: user_u:system_r:semanage_tTarget
Context: system_u:object_r:fs_tTarget Objects: / [ filesystem ]Affected
RPM Packages: filesystem-2.4.6-1.fc7 [target]Policy RPM: selinux-
policy-2.6.4-38.fc7Selinux Enabled: TruePolicy Type: targetedMLS
Enabled: TrueEnforcing Mode: PermissivePlugin
Name: plugins.catchallHost Name: localhost.localdomainPlatform: Linux
localhost.localdomain 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT 2007
i686 athlon
Alert Count: 1First Seen: Wed 05 Sep 2007 09:37:21 AM EDTLast
Seen: Wed 05 Sep 2007 09:37:21 AM EDTLocal ID: fb994b74-5944-49d4-836b-
f9011476aec6Line Numbers: Raw Audit Messages :avc: denied { getattr }
for comm="semodule" dev=dm-0 name="/" pid=28412
scontext=user_u:system_r:semanage_t:s0 tclass=filesystem
tcontext=system_u:object_r:fs_t:s0
Quite commmonly, along with all the stuff that would take me
years of study (years I don't have) to understand, I get either a
recommendation to run some command ending in "reboot," which is very
tiresome to do, and also takes inordinate time. Or else it asks for a bug
report, which I am not competent to write, nor do I have time for it.
> Run the following command as root to verify the mode
>
> # getenforce
I get this, on all three machines that live on my desk :
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]#
>
> Can I just command "yum remove selinux"?
>
> SELinux is not a single package. You can remove the policy files but the
> SELinux library is used by many core packages and cannot be removed
> easily. See previous discussions in this list in the archives for more
> details.
More details? I'm already drowning in details meaningless to me!
--
Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
