Re: Weird SELinux problem after upgrade to F9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Does anyone have any suggestions here?

I would really love to get SELinux working correctly on my F9 upgraded box.

What can I do to debug this?

On Tue, Jun 03, 2008 at 03:25:17AM -0700, Kayvan A. Sylvan wrote:
> Hi everyone,
> 
> Over the last few days, I have managed to upgrade myself from FC4 (yes,
> really!) all the way to Fedora 9.
> 
> My system is an X86_64 dual-core Intel box with 8GB of memory and it seems to
> run so much faster with a smaller memory footprint under F9. Thanks to
> all the Fedora developers!
> 
> My problem is that after the upgrades I was getting all sorts of SELinux
> errors (from practically every application), so I figured that I would
> go ahead and relabel the filesystems. After the relabel, I was still
> getting dozens of errors per second, so I changed SELinux to Permissive
> mode (via /etc/selinux/config), rebooted and the system is now working.
> 
> However, I would like to get SELinux to work in Enforcing mode.
> 
> I have the following SELinux related packages installed:
> 
> # yum list all selinux*
> Installed Packages
> 
> selinux-doc.noarch                       1.26-1.1               installed       
> selinux-policy.noarch                    3.3.1-55.fc9           installed       
> selinux-policy-targeted.noarch           3.3.1-55.fc9           installed       
> 
> Available Packages
> selinux-policy-devel.noarch              3.3.1-55.fc9           updates         
> selinux-policy-mls.noarch                3.3.1-55.fc9           updates         
> 
> These are the types of errors I was seeing:
> 
> Jun  3 02:42:12 satyr kernel: type=1400 audit(1212486109.144:12): avc:  denied  { getattr } for  pid=1495 comm="restorecon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:12 satyr kernel: type=1400 audit(1212486109.316:13): avc:  denied  { getattr } for  pid=1503 comm="dmsetup" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:12 satyr kernel: type=1400 audit(1212486109.934:14): avc:  denied  { getattr } for  pid=1513 comm="fsck" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:12 satyr kernel: type=1400 audit(1212486110.804:15): avc:  denied  { getattr } for  pid=1519 comm="mount" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:12 satyr kernel: type=1400 audit(1212486112.460:16): avc:  denied  { getattr } for  pid=1564 comm="swapon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:13 satyr kernel: type=1400 audit(1212486124.825:21): avc:  denied  { getattr } for  pid=1907 comm="restorecond" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:13 satyr kernel: type=1400 audit(1212486125.516:22): avc:  denied  { getattr } for  pid=2015 comm="iptables" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:42:13 satyr kernel: type=1400 audit(1212486127.411:23): avc:  denied  { getattr } for  pid=2888 comm="mcstransd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> Jun  3 02:43:58 satyr dbus: avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=4598 scontext=user_u:system_r:update_modules_t:s0 tcontext=user_u:system_r:update_modules_t:s0 tclass=dbus 
> Jun  3 02:43:59 satyr dbus: avc:  denied  { acquire_svc } for service=org.kde.klauncher spid=4608 scontext=user_u:system_r:update_modules_t:s0 tcontext=user_u:system_r:update_modules_t:s0 tclass=dbus 
> 
> 
> Any help in getting this working would be very appreciated!
> 
> Thanks.
> 
> 			---Kayvan
> -- 
> Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
> Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
> http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)

Attachment: pgpSgaYjtEQYx.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux