Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2007-09-20 at 16:29 +0000, Beartooth wrote:
> On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote:
> 
> 
> > It shouldn't cause any trouble if you set to permissive mode. Can you
> > explain what problems you are having?
> 
> 	I've just recently deleted a bunch of its incomprehensible 
> reportage from the machine I'm on at the moment; this has come in since 
> (with my apologies for what c&p does to the formatting) :  
> 
> SummarySELinux is preventing semodule (semanage_t) "getattr" to / 
> (fs_t).Detailed DescriptionSELinux denied access requested by semodule. 
> It is not expected that this access is required by semodule and this 
> access may signal an intrusion attempt. It is also possible that the 
> specific version or configuration of the application is causing it to 
> require additional access.Allowing AccessYou can generate a local policy 
> module to allow this access - see FAQ Or you can disable SELinux 
> protection altogether. Disabling SELinux protection is not recommended. 
> Please file a bug report against this package.Additional 
> InformationSource Context:  user_u:system_r:semanage_tTarget 
> Context:  system_u:object_r:fs_tTarget Objects:  / [ filesystem ]Affected 
> RPM Packages:  filesystem-2.4.6-1.fc7 [target]Policy RPM:  selinux-
> policy-2.6.4-38.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS 
> Enabled:  TrueEnforcing Mode:  PermissivePlugin 
> Name:  plugins.catchallHost Name:  localhost.localdomainPlatform:  Linux 
> localhost.localdomain 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT 2007 
> i686 athlon
> Alert Count:  1First Seen:  Wed 05 Sep 2007 09:37:21 AM EDTLast 
> Seen:  Wed 05 Sep 2007 09:37:21 AM EDTLocal ID:  fb994b74-5944-49d4-836b-
> f9011476aec6Line Numbers:  Raw Audit Messages :avc: denied { getattr } 
> for comm="semodule" dev=dm-0 name="/" pid=28412 
> scontext=user_u:system_r:semanage_t:s0 tclass=filesystem 
> tcontext=system_u:object_r:fs_t:s0 
> 
> 	Quite commmonly, along with all the stuff that would take me 
> years of study (years I don't have) to understand, I get either a 
> recommendation to run some command ending in "reboot," which is very 
> tiresome to do, and also takes inordinate time. Or else it asks for a bug 
> report, which I am not competent to write, nor do I have time for it.

It's not that hard--all the information you need is in the report above.
And if you do report it, it will get fixed and save you and others grief
in the future.  Once you've done it once, it's not too terribly
difficult or time consuming.

>  
> > Run the following command as root to verify the mode
> > 
> > # getenforce
> 
> 	I get this, on all three machines that live on my desk : 
> 
> [root@localhost ~]# getenforce
> Permissive
> [root@localhost ~]# 
> 
> > 
> > Can I just command "yum remove selinux"?
> > 
> > SELinux is not a single package. You can remove the policy files but the
> > SELinux library is used by many core packages and cannot be removed
> > easily. See previous discussions in this list in the archives for more
> > details.
> 
> 	More details? I'm already drowning in details meaningless to me!
> 
-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux