On Mon, Jan 14, 2008 at 02:36:45PM -0500, Daniel J Walsh wrote: > Do you have user accounts setup in /var/log? /lib/libexec? > If you have system accounts with homedirs and real shells, you can > confuse SELinux. Any system account should have a UID < 500 or a shell > of /bin/false or /sbin/nologin. I fixed all accounts to meet these expectations. There were these which I changed to use shells of /sbin/nologin: oracle:x:1003:1003:Oracle User:/opt/oracle:/bin/sh netsaint:x:1005:1005:netsaint:/usr/libexec/netsaint:/bin/sh autores:x:2000:2000:Autores:/opt/autores: dhcpd:x:2001:2001:DHCP Daemon:/etc/dhcpd:/bin/bash autostat:x:2003:2003:Autostatus:/etc/autostatus:/bin/false nagios:x:2004:2004:nagios:/var/log/nagios:/bin/sh > You also look like you have root account setup to login as system_u. > You probably want to execute > > semanage login -m -s unconfined_u root Done. Thanks for all the help. It sounds like I should go through all my systems to be sure they meet current SELinux standards. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
