On Tue, 2005-03-22 at 15:30 +0000, Ruth Ivimey-Cook wrote: > Hi folks, > > I have just started having some problems with selinux. I'm using FC3 with the > targetted policy. It was running enforced; now merely permissive because of the > problems. The box is running BIND/named in master mode (i.e. it is master for > some domains, but not supplying those domains to other demons) and a dhcp > server. I have today used yum to update both daemons from the updates-released > repo, and am now getting errors of this sort (note this is a sample - there are > many more): > > ... > audit(1111501062.397:0): avc: denied { search } for pid=6809 > exe=/usr/sbin/dhcpd name=/ dev=md1 ino=2 scontext=root:system_r:dhcpd_t > tcontext=system_u:object_r:file_t tclass=dir > audit(1111501062.397:0): avc: denied { search } for pid=6809 > exe=/usr/sbin/dhcpd name=/ dev=md1 ino=2 scontext=root:system_r:dhcpd_t > tcontext=system_u:object_r:file_t tclass=dir > audit(1111501107.559:0): avc: denied { search } for pid=6828 > exe=/usr/sbin/named name=/ dev=md1 ino=2 scontext=root:system_r:named_t > tcontext=system_u:object_r:file_t tclass=dir This suggests that your filesystem isn't labeled. Touch /.autorelabel and reboot, or manually boot single-user and run /sbin/fixfiles relabel. Did you install with SELinux enabled, or try enabling it later? How did you enable it? -- Stephen Smalley <sds@xxxxxxxxxxxxx> National Security Agency