---- max <maximilianbianco@xxxxxxxxx> wrote: > > Where do I go from here? > > 0 - Well one option, that I don't generally encourage unless your in > hurry, is to do a fresh install of F9. You won't learn anything and > you've expressed interest in SELinux so I would encourage you to take > advantage of the learning oppurtunity, especially if your dual booting > and its a very minor inconvenience to reboot a desktop/laptop machine, > at least as far as I am concerned. I think I may have to re-install in the end because I'm seeing some really weird things but until I totally destroy the emachine I might as well experiment. I ran: # restorecon -n -v -r to see if it any file would need to be relabelled. It showed that all my shared library files were of type lib_t when the default was shlib_t so I went ahead and relabelled them. It didn't solve the setraoubleshoot problem though and now root does not appear to have access to init. > 1 - Check for bugs against preupgrade that relate to SELinux and check > for bugs against SETroubleshoot. I'm pretty sure SEtroubleshoot is a > symptom not a cause of your problem but it doesn't hurt to check. > > https://bugzilla.redhat.com/ There are a couple of bug that might be related but are not quite the same. 439299 and 449176. > 2 - The only other sane thing I could advise you too do is bounce your > question off the fedora-selinux list. I would include a reference to > this thread and all the relevant details. The kernel your running, the > policy version (rpm -qa | grep selinux...setrouble) , setroubleshoot > version, the error messages below , and that you run in permissive and > used preupgrade to go from f8 to f9. > This will ensure that the right people see your message, this list is > also monitored but I think when they get busy fedora-selinux is likely > to still get checked more often than fedora-list. I was trying to avoid this. I already get several hundred e-mails per day and I would guess that the selinux list is pretty busy too. Oh well, I'll just have to deal with it for a while. > I don't have any other sane suggestions left. I feel like the answer is > right there but I can't quite put my finger on it. If you feel like > being a guinea pig and are willing to absolve me of all responsibility > then let me know:^) My curiosity is peaked so I will try to dig up what > I can and I'll let you know if I feel like I have found a good answer. > > Take it easy, > > Max > > P.S. - this line from the output below : > > > SELinux: policy loaded with handle_unknown=deny > > Something about this is bugging me, I am checking with google but so far > I haven't found what I am looking for, try searching for this and see > what you come up with... I think it should be set to allow on fedora but > I am not sure of the circumstances under which it would be set to > allow/deny so I could be wrong....it has to do, IIRC, with other > security checks in the kernel? I am not finding the same info I did > before on this and my memory isn't playing ball. Yes, this doesn't seem right. From what I've read, the strict policy would have a default of deny but a targeted policy shoule be allow. Thanks for the suggestions Steve -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
