On Fri, 2006-02-03 at 16:26 +1100, Russell Coker wrote:
> On Friday 03 February 2006 13:22, louisg00@xxxxxxxxxxxxx wrote:
> > > touch /.autorelabel
> > > reboot
> >
> > I did a relabel but still having problems. This is what I get:
>
> Did you boot with enforcing=0 for the relabel? Sometimes mislabelling can
> prevent the relabelling from occurring.
I relabeled in permissive mode and it went fine. Fixed a lot but not all
problems.
> > Feb 2 20:53:29 soncomputer kernel: audit(1138931589.627:32): avc: denied
> > { search } for pid=2095 comm="avahi-daemon" name="/" dev=hda3 ino=2
> > scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0
> > tclass=dir Feb 2 20:53:30 soncomputer kernel: audit(1138931589.627:33):
>
> What is /dev/hda3? The root file system? If the root directory is unlabeled
> then things are seriously messed up and in need of a relabel.
/dev/hd3 is my root partition. After the relabel things quieted down. This is
the relevant entries during boot now. In enforcing mode the system was
unable to mount the /boot and /home partitions.
kernel: Security Framework v1.0.0 initialized
kernel: SELinux: Initializing.
kernel: SELinux: Starting in permissive mode
kernel: selinux_register_security: Registering secondary module
capability
kernel: Capability LSM initialized as secondary
kernel: SELinux: Registering netfilter hooks
kernel: security: 3 users, 6 roles, 1125 types, 132 bools, 1 sens, 256
cats
kernel: security: 55 classes, 37291 rules
kernel: SELinux: Completing initialization.
kernel: SELinux: Setting up existing superblocks.
kernel: SELinux: initialized (dev hda3, type ext3), uses xattr
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1562113
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=618337
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=585793
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1594657
kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition
SIDs
kernel: SELinux: initialized (dev debugfs, type debugfs), uses
genfs_contexts
kernel: SELinux: initialized (dev selinuxfs, type selinuxfs), uses
genfs_contexts
kernel: SELinux: initialized (dev mqueue, type mqueue), uses transition
SIDs
kernel: SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses
genfs_contexts
kernel: SELinux: initialized (dev devpts, type devpts), uses transition
SIDs
kernel: SELinux: initialized (dev eventpollfs, type eventpollfs), uses
genfs_contexts
kernel: SELinux: initialized (dev inotifyfs, type inotifyfs), uses
genfs_contexts
kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition
SIDs
kernel: SELinux: initialized (dev futexfs, type futexfs), uses
genfs_contexts
kernel: SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
kernel: SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
kernel: SELinux: initialized (dev proc, type proc), uses genfs_contexts
kernel: SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
kernel: SELinux: initialized (dev rootfs, type rootfs), uses
genfs_contexts
kernel: SELinux: initialized (dev sysfs, type sysfs), uses
genfs_contexts
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1050728
kernel: SELinux: initialized (dev usbfs, type usbfs), uses
genfs_contexts
kernel: SELinux: initialized (dev ramfs, type ramfs), uses
genfs_contexts
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=195265
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=683425
kernel: audit(1138958718.999:2): avc: denied { mounton } for pid=1462
comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958718.999:3): avc: denied { mounton } for pid=1462
comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition
SIDs
kernel: audit(1138958719.003:4): avc: denied { mounton } for pid=1462
comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958719.003:5): avc: denied { mounton } for pid=1462
comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev hda1, type ntfs), uses genfs_contexts
Feb 3 04:25:39 soncomputer kernel: Adding 1020088k swap on /dev/hda5.
Priority:-1 extents:1 across:1020088k
kernel: SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
kernel: audit(1138958720.667:6): avc: granted { execmem } for
pid=1550 comm="kudzu" scontext=system_u:system_r:kudzu_t:s0
tcontext=system_u:system_r:kudzu_t:s0 tclass=process
kernel: audit(1138958720.667:7): avc: granted { execmem } for
pid=1550 comm="kudzu" scontext=system_u:system_r:kudzu_t:s0
tcontext=system_u:system_r:kudzu_t:s0 tclass=process
kernel: audit(1138958722.099:8): avc: denied { read } for pid=1541
comm="readahead" name="display" dev=ramfs ino=4029
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=file
kernel: audit(1138958722.099:9): avc: denied { read } for pid=1541
comm="readahead" name="rhgb-console" dev=ramfs ino=4107
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=fifo_file
kernel: audit(1138958725.539:10): avc: denied { read } for pid=1541
comm="readahead" name="display" dev=ramfs ino=4029
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=file
kernel: audit(1138958725.539:11): avc: denied { read } for pid=1541
comm="readahead" name="rhgb-console" dev=ramfs ino=4107
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=fifo_file
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1822979
kernel: audit(1138958733.996:12): avc: denied { mounton } for
pid=1815 comm="mount" name="rpc_pipefs" dev=hda3 ino=1822979
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958733.996:13): avc: denied { mounton } for
pid=1815 comm="mount" name="rpc_pipefs" dev=hda3 ino=1822979
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses
genfs_contexts
kernel: SELinux: initialized (dev 0:14, type nfs), uses genfs_contexts
Feb 3 04:25:39 soncomputer kernel: audit(1138958734.600:14): avc:
denied { mounton } for pid=1858 comm="mount" name="boot" dev=hda3
ino=195265 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958734.600:15): avc: denied { mounton } for
pid=1858 comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958734.600:16): avc: denied { mounton } for
pid=1858 comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958734.600:17): avc: denied { mounton } for
pid=1858 comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev autofs, type autofs), uses
genfs_contexts
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1985186
kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1985189
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
