On Fri, 2006-01-27 at 11:44 -0500, Stephen Smalley wrote: > On Fri, 2006-01-27 at 17:49 +0200, G Jahchan wrote: > > ls -Z /sbin/init > > -rwxr-xr-x root root system_u:object_r:staff_home_t /sbin/init > > That's your problem - your filesystem is incorrectly labeled. Don't > know how your /sbin/init program ended up with the type of a staff home > directory; it should have init_exec_t. > > /sbin/restorecon -nv /sbin/init Oops, that should just be: /sbin/restorecon -v /sbin/init The -n prevents it from actually relabeling, so -nv is useful when you want to see what it would do without actually applying the change, but in this case, we do want to make the change as well as see exactly what it does (hence -v for verbose). > If that correctly relabels to init_exec_t, then proceed to do a full > relabel, i.e. touch /.autorelabel and reboot or pass 'autorelabel' on > the kernel command line. Or shut down to single-user and run 'fixfiles > relabel'. All variations on the same theme... Given the extent of labeling errors reported by sestatus, you definitely want to do a full relabel, after verifying that at least the above manual restorecon of init is working properly. If that restorecon doesn't work properly, then possibly your file_contexts.homedirs is not being correctly generated by genhomedircon. You don't happen to have users with home directories of /sbin and /bin, do you? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
