---- max bianco <maximilianbianco@xxxxxxxxx> wrote: > On Tue, Jul 15, 2008 at 9:20 AM, Steve <zephod@xxxxxxxxxx> wrote: > > > > ---- max bianco <maximilianbianco@xxxxxxxxx> wrote: > >> On Mon, Jul 14, 2008 at 8:55 AM, Steve <zephod@xxxxxxxxxx> wrote: > >> > I went to start setroubleshoot, Applications->System Tools->SE Linux Troubleshooter and I get this message: > >> > > >> > connection failed at /var/run/setroubleshoot/setroubleshoo_tserver. Connection refused > >> > > >> > #ls -lZ /var/run/setroubleshoot/setroubleshoot_server > >> > srw-rw-rw- root root system_u:object_r:setroubleshoot_var_run_t /var/run/setroubleshoot/setroubleshoot_server > >> > > >> That looks right. Is it F8 or F9? > >> SETroubleshoot is usually on, do you remember why you turned it off? > > > > This is F9 and I didn't turm setroubleshoot off - not on purpose.anyway }-P > > If I look in System->Administration->Services at setroubleshootd, it says that it is enabled but the status is unknown > > > It usually runs in the background and only wakes up when needed, > however you should stil be able to run it from Applications-->System > Tools-->SELinux Troubleshooter with out a problem. I can in fact do > that here. # ps -ef | grep setroubleshoot root 4380 4331 0 08:48 pts/0 00:00:00 grep setroubleshoot # chkconfig --list | grep setroubleshoot setroubleshoot 0:off 1:off 2:on 3:on 4:on 5:on 6:off Hmmm. so why isn'y it running? ..Ah-ha! Found this in /var/log/messages: setroubleshoot: [program.ERROR] setroubleshoot generated AVC, exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0, AVC scontext=system_u:system_r:setroubleshootd_t:s0 ... setroubleshoot: [rpc.ERROR] attempt to open server connection failed: Connection refused > Do you have all current updates? Yes. > Do you know what version of policy you are running? Don't know. > Have you recently installed any custom policy? No. > Did you switch SELinux to permissive recently ? No. I have always run in permissive mode. > I assume you have stopped and restarted the service. Seems like the service can never start. See above. > Which kernel are you running? # uname -sr Linux 2.6.25.6-55.fc9.x86_64 > Have you checked for bugs filed against setroubleshoot? There are > quite a few bugs filed against it, maybe one of these is related to > the problem your having. I will look. > Try these commands: > > rpm -qa 'selinux*' # rpm -qa "selinux*" # # rpm-qa | grep selinux libselinux-devel-2.0.64-2.fc9.i386 libselinux-python-2.0.64-2.fc9.x86_64 libselinux-devel-2.0.64-2.fc9.x86_64 libselinux-2.0.64-2.fc9.i386 libselinux-2.0.64-2.fc9.x86_64 # Huh. Seems that there is no selinux policy installed. # yum search selinux-policy Loaded plugins: fedorakmod, refresh-packagekit ===================================================================== Matched: selinux-policy ===================================================================== selinux-policy.noarch : SELinux policy configuration selinux-policy-devel.noarch : SELinux policy development selinux-policy-mls.noarch : SELinux mls base policy selinux-policy-targeted.noarch : SELinux targeted base policy # yum install selinux-policy.noarch selinux-policy-targeted.noarch ... Installing : selinux-policy-targeted [2/2] libsepol.scope_copy_callback: moilscanner: Duplicate declaration in module: type/attribute mailscanner_spool_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! libsepol.sepol_user_modify: undefined role unconfined_r for user unconfined_u libsepol.sepol_user_modify: could not load (null) into policy libsemanage.dbase_policydb_modify: could not modify record value libsemanage.semanage_base_merge_components: could not merge local modifications into policy /usr/sbin/semanage: Could not add SELinux user unconfined_u libsemanage.validate_handler: selinux user unconfined_u does not exist (No such file or directory). libsemanage.validate_handler: seuser mapping [__default__ -> (unconfined_u, s0-s0:c0.c1023)] is invalid (No such file or directory). libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory). /usr/sbin/semanage: Could not modify login mapping for __default__ libsemanage.validate_handler: selinux user unconfined_u does not exist (No such file or directory). libsemanage.validate_handler: seuser mapping [root -> (unconfined_u, s0-s0:c0.c1023)] is invalid (No such file or directory). libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory). /usr/sbin/semanage: Could not modify login mapping for root libsepol.sepol_user_modify: undefined role guest_r for user guest_u libsepol.sepol_user_modify: could not load (null) into policy libsemanage.dbase_policydb_modify: could not modify record value libsemanage.semanage_base_merge_components: could not merge local modifications into policy /usr/sbin/semanage: Could not add SELinux user guest_u libsepol.sepol_user_modify: undefined role xguest_r for user xguest_u libsepol.sepol_user_modify: could not load (null) into policy libsemanage.dbase_policydb_modify: could not modify record value libsemanage.semanage_base_merge_components: could not merge local modifications into policy /usr/sbin/semanage: Could not add SELinux user xguest_u warning: /etc/selinux/targeted/contexts/customizable_types saved as /etc/selinux/targeted/contexts/customizable_types.rpmorig warning: /etc/selinux/targeted/contexts/default_contexts saved as /etc/selinux/targeted/contexts/default_contexts.rpmorig warning: /etc/selinux/targeted/contexts/default_type created as /etc/selinux/targeted/contexts/default_type.rpmnew warning: /etc/selinux/targeted/contexts/initrc_context created as /etc/selinux/targeted/contexts/initrc_context.rpmnew warning: /etc/selinux/targeted/contexts/securetty_types created as /etc/selinux/targeted/contexts/securetty_types.rpmnew warning: /etc/selinux/targeted/contexts/users/root created as /etc/selinux/targeted/contexts/users/root.rpmnew Installed: selinux-policy.noarch 0:3.3.1-74.fc9 selinux-policy-targeted.noarch 0:3.3.1-74.fc9 Complete! # Lots of warnings there. > rpm -qa 'setrouble*' # rpm -qa | grep 'setrouble*' setroubleshoot-2.0.8-2.fc9.noarch setroubleshoot-plugins-2.0.4-5.fc9.noarch setroubleshoot-server-2.0.8-2.fc9.noarch # > sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: permissive Policy version: 22 Policy from config file: targeted # Well that answers the earlier question about the policy version. > uname -a Linux xxxxx 2.6.25.6-55.fc9.x86_64 #1 SMP Tue Jun 10 16:05:21 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux > > Post the results, with that info there might be more help to be had. That'a a lot of data. Hope its not too much. Steve -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
