I have configured SELinux on CentOS 5.1. I have configured RBAC using the MLS (Multilevel Security) policy.
Now I am trying to restart the system services, but they are not restarting and an error message is thrown.
I have a question here: with the MLS policy enabled, will I be able to restart the system services? If yes, then what do I need to do, and if no, what is the reason?
Steps to reproduce:
1) MLS Policy configuration.
   1. Install selinux-policy-mls
   2. Set SELINUXTYPE=MLS in /etc/selinux/config file
   3. touch ./autorelabel; on root's home directory, and reboot the machine.
   4. While machine is rebooting, change the GRUB parameter.
      enforcing=0
2) Now system is in permissive mode and SELinux status is as follows.
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 21
policy from config file: mls
3) Restart the system services and they restart successfully.
[root@turtle11 ~]# service nfs restart
Shutting down NFS mountd: [FAILED]
Shutting down NFS daemon: [FAILED]
Shutting down NFS quotas: [FAILED]
Shutting down NFS services: [FAILED]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
4) Now I am setting enforcing mode using the setenforce command.
[root@turtle11 ~]# setenforce 1
[root@turtle11 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: mls
5) a) Now the system is in enforcing mode and I am trying to restart the system service. The restart results in an error message.
[root@turtle11 ~]# service nfs restart
/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
nfs: unrecognized service
b) When I try to log in, it shows the following error.
turtle login: smbldap3
/bin/login: error while loading shared libraries: libcrypt.so.1: failed to map segment from shared object: Permission denied
/sbin/mingetty: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied
c) When using the su command.
[root@turtle11 ~]# su smbldap3
su: error while loading shared libraries: libpam.so.0: failed to map segment from shared object: Permission denied
I am not sure what is going on. I referred to many websites and PDFs but couldn't find a proper solution.
Please help me.
Thanks
Prakash.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list