Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Terry - Fedora Core wrote:
> As I reported on another thread, SELinux has caused me trouble and
> blocked access to my hard disks.
> 
> To solve the problem, I set SELinux to "permissive" mode. Am I positive
> that SELinux caused the problem of not being able access the hard disks.
> No. But then when I set SELinux to permissive mode the problem
> disappeared. Not proof, but very strong evidence.
> 
> My question:
> 
> Should I enable SELinux again?
> 
> What do I gain if I do?
> 
> Will the gain be greater than the loss of accessing my computer hard disks?
> 
> And if I do, how do I try to prevent it from locking me out of the hard
> disks again?
> 
> How do I determine what caused SELinux to block access, how much trouble
> is it to change SELinux to prevent it from doing that again?
> 
> Your insights are appreciated.
> 
> Terry
> 
Look for error messages in /var/log/audit/audit.log.  Install
setroubleshoot, it will tell you when SELinux is complaining about
something and attempt to give you a way to fix it.

Most likely the disk you are having problems with is not labeled
correcty.  SELinux relies on extended attributes containing labels for
every file on the system.  If a file does not have a label, the kernel
says the label is file_t and no confined domains can use the file.  You
can either label the disk, by executing a command like
restorecon -R -v PATHTODDISK
Or you can fully relabel the entire system using

touch /.autorelabel; reboot

Or if you do not want to label the disk you can use the mount
command/fstab entry to put a single label for the entire file system.

mount -o context="sytstem_u:object_r:default_t:s0" DISK MOUNTPOINT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkesW+4ACgkQrlYvE4MpobNpBACfW4/15U2VqZv1PxQcG0YAxa5T
j7oAnjpnnytDIRB7glrH4kfSnfrOxoY7
=6Dz3
-----END PGP SIGNATURE-----

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux