On Tue, 2008-06-10 at 17:14 +0530, prakash hallalli wrote:
> Hi All
>
> I have configured SELinux on CentOS 5.1. I have configured the RBAC
> using MLS (Multilevel Security) Policy.
> Now I am trying to restart the system services and they are not
> restarting and it is throwing some error message.
> I have a question here: with MLS policy enabled, will I be able to
> restart the system service? If yes, then what to do, and if no, what is
> the reason?
>
> Steps to reproduce:
>
> 1) MLS Policy configuration.
>
>    1. Install selinux-policy-mls
>    2. Set SELINUXTYPE=MLS in /etc/selinux/config file
>    3. touch ./autorelabel; on root's home directory, and reboot the
>       machine.
>    4. While machine is rebooting, change the GRUB parameter.
>       enforcing=0
>
> 2) Now system is in permissive mode and SELinux status is as follows.
>
> # sestatus
> SELinux status:              enabled
> SELinuxfs mount:             /selinux
> Current mode:                permissive
> Mode from config file:       enforcing
> Policy version:              21
> policy from config file:     mls
>
> 3) Restart the system services and they restart successfully.
>
> [root@turtle11 ~]# service nfs restart
> Shutting down NFS mountd:      [FAILED]
> Shutting down NFS daemon:      [FAILED]
> Shutting down NFS quotas:      [FAILED]
> Shutting down NFS services:    [FAILED]
> Starting NFS services:         [ OK ]
> Starting NFS quotas:           [ OK ]
> Starting NFS daemon:           [ OK ]
> Starting NFS mountd:           [ OK ]
>
> 4) Now I am setting enforcing mode using the setenforce command.
>
> root@turtle11 ~]#setenforce 1
> root@turtle11 ~]# sestatus
> SELinux status:              enabled
> SELinuxfs mount:             /selinux
> Current mode:                enforcing
> Mode from config file:       enforcing
> Policy version:              21
> Policy from config file:     mls
>
> 5) a) Now system is in enforcing mode and I am trying to restart the
> system service. The restart will result in an error message.
>
> root@turtle11 ~]#service nfs restart
> /sbin/consoletype: error while loading shared libraries: libc.so.6:
> cannot open shared object file: No such file or directory
> /sbin/consoletype: error while loading shared libraries: libc.so.6:
> cannot open shared object file: No such file or directory

This suggests that libc.so.6 has the wrong label. In older versions of
the policy, this was a difference between targeted and strict/mls
policies. Boot in single-user mode and run fixfiles -F relabel.

> nfs: unrecognized service
>
> b) When I try to log in, it shows the following error.
>
> turtle login: smbldap3
> /bin/login:error while loading shared libraries: libcrypt.so.1:failed
> to map segment from shared object: Permission denied
> /sbin/mingetty: error while loading shared libraries: libc.so.6:
> failed to map segment from shared object: Permission denied
>
> c) When using the su command.
>
> root@turtle11 ~]# su smbldap3
> su: error while loading shared libraries: libpam.so.0: failed to map
> segment from shared object: Permission denied
>
> I am not sure what is going on. I referred to many websites and PDFs
> but couldn't get the proper solution.
>
> Please help me.
>
> Thanks
> Prakash.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
Stephen Smalley
National Security Agency
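
One way to confirm the wrong-label diagnosis from the reply above, before and after the relabel, as an added example that is not part of the original thread: it filters `matchpathcon -V` output down to files whose on-disk context differs from what the loaded policy expects. The library paths, the sample contexts and the exact "has context ..., should be ..." line format are assumptions; the sample lines are constructed.

```shell
#!/bin/bash
# Added example (not from the thread): list files whose SELinux label does not
# match the file_contexts of the loaded policy, based on `matchpathcon -V`.

# Read `matchpathcon -V` output on stdin. Assumed line formats:
#   <path> verified.
#   <path> has context <actual>, should be <expected>
# Prints "<path> <actual> <expected>" for every mismatch.
mislabeled() {
    awk '/ has context .*, should be / {
        actual = $4
        sub(/,$/, "", actual)        # drop the comma that follows the context
        print $1, actual, $NF
    }'
}

# Run the check on real paths (needs matchpathcon and a loaded policy).
check_libs() {
    command -v matchpathcon >/dev/null 2>&1 || {
        echo "matchpathcon not found" >&2
        return 2
    }
    matchpathcon -V "$@" 2>/dev/null | mislabeled
}

# Constructed sample output; the contexts are illustrative, not from the thread.
sample_output() {
    cat <<'EOF'
/lib/libc.so.6 has context system_u:object_r:lib_t:s0, should be system_u:object_r:shlib_t:s0
/lib/libpam.so.0 has context system_u:object_r:lib_t:s0, should be system_u:object_r:shlib_t:s0
/bin/login verified.
EOF
}

if [ "$#" -gt 0 ]; then
    check_libs "$@"                  # e.g. ./check.sh /lib/libc.so.6 (assumed path)
else
    sample_output | mislabeled       # offline demonstration
fi
```

An empty result after `fixfiles -F relabel` means the checked files now carry the contexts the MLS policy expects.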