On Fri, 2006-01-27 at 17:49 +0200, G Jahchan wrote: > ls -Z /sbin/init > -rwxr-xr-x root root system_u:object_r:staff_home_t /sbin/init That's your problem - your filesystem is incorrectly labeled. Don't know how your /sbin/init program ended up with the type of a staff home directory; it should have init_exec_t. /sbin/restorecon -nv /sbin/init If that correctly relabels to init_exec_t, then proceed to do a full relabel, i.e. touch /.autorelabel and reboot or pass 'autorelabel' on the kernel command line. Or shut down to single-user and run 'fixfiles relabel'. All variations on the same theme... > /etc/passwd system_u:object_r:staff_home_t Should be etc_t. > /bin/bash system_u:object_r:staff_home_t shell_exec_t > /bin/login system_u:object_r:staff_home_t login_exec_t > /sbin/init system_u:object_r:staff_home_t init_exec_t > /sbin/mingetty system_u:object_r:staff_home_t getty_exec_t > /usr/sbin/sshd system_u:object_r:staff_home_t sshd_exec_t > The results of audit2why seem to indicate a mismatch between current in-memory > boolean settings vs. permanent ones. No, just a filesystem labeling problem. audit2why can't determine that; it just diagnoses policy problems. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
