Kayvan A. Sylvan wrote: > Hi everyone, > > Over the last few days, I have managed to upgrade myself from FC4 (yes, > really!) all the way to Fedora 9. > > My system is an X86_64 dual-core Intel box with 8GB of memory and it seems to > run so much faster with a smaller memory footprint under F9. Thanks to > all the Fedora developers! > > My problem is that after the upgrades I was getting all sorts of SELinux > errors (from practically every application), so I figured that I would > go ahead and relabel the filesystems. After the relabel, I was still > getting dozens of errors per second, so I changed SELinux to Permissive > mode (via /etc/selinux/config), rebooted and the system is now working. > > However, I would like to get SELinux to work in Enforcing mode. > > I have the following SELinux related packages installed: > > # yum list all selinux* > Installed Packages > > selinux-doc.noarch 1.26-1.1 installed > selinux-policy.noarch 3.3.1-55.fc9 installed > selinux-policy-targeted.noarch 3.3.1-55.fc9 installed > > Available Packages > selinux-policy-devel.noarch 3.3.1-55.fc9 updates > selinux-policy-mls.noarch 3.3.1-55.fc9 updates > > These are the types of errors I was seeing: > > Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486109.144:12): avc: denied { getattr } for pid=1495 comm="restorecon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486109.316:13): avc: denied { getattr } for pid=1503 comm="dmsetup" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486109.934:14): avc: denied { getattr } for pid=1513 comm="fsck" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486110.804:15): avc: denied { getattr } for pid=1519 comm="mount" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486112.460:16): avc: denied { getattr } for pid=1564 comm="swapon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:13 satyr kernel: type=1400 audit(1212486124.825:21): avc: denied { getattr } for pid=1907 comm="restorecond" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:13 satyr kernel: type=1400 audit(1212486125.516:22): avc: denied { getattr } for pid=2015 comm="iptables" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:42:13 satyr kernel: type=1400 audit(1212486127.411:23): avc: denied { getattr } for pid=2888 comm="mcstransd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem > Jun 3 02:43:58 satyr dbus: avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=4598 scontext=user_u:system_r:update_modules_t:s0 tcontext=user_u:system_r:update_modules_t:s0 tclass=dbus > Jun 3 02:43:59 satyr dbus: avc: denied { acquire_svc } for service=org.kde.klauncher spid=4608 scontext=user_u:system_r:update_modules_t:s0 tcontext=user_u:system_r:update_modules_t:s0 tclass=dbus > > > Any help in getting this working would be very appreciated! > > Thanks. > > ---Kayvan You might need to check your user database semanage user -l semanage login -l -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list