On 08/01/2010 08:01 AM, Jason Pyeron wrote:
> So my hack will not work either...
> [root@devserver21 ~]# echo 0>/selinux/enforce
> [root@devserver21 ~]# chroot /var/mnt/192.168.1.52
> [root@devserver21 /]# passwd apache
> passwd: user_u:system_r:initrc_t is not authorized to change the password of
> apache
How'd you end up in that context? Did you boot to single-user mode?
I only have CentOS 5 on which to test. On the host, root normally logs
in to an unconfined domain:
# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=user_u:system_r:unconfined_t
If I chroot, I'm still unconfined:
# chroot /var/lib/mock/centos-5-x86_64/root/
bash-3.2# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=user_u:system_r:unconfined_t:s0
... and why you'd be getting SELinux warnings after disabling enforcing
mode is odd, too. What to "getenforce" and "setenforce permissive" tell
you? Is /selinux actually a mounted filesystem?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
