On Thu, 2009-08-06 at 15:21 -0700, Peter Joseph wrote: > While experimenting with SELinux, I finally managed to lock myself out of the > system. The only way to get back in, I had to add "selinux=0" to the end of > the kernel line. > Now, if I run in a permissive mode the following message appears when I try > to log in: > > "Could not connect to session bus: An SELinux policy prevents this sender > from sending this message to this recipient (rejected message had sender > "(unset)" interface "org.freedesktop.DBus" member "Hello" error name > "(unset)" destination "org.freedesktop.DBus)." > > I am forced to go back to the grub prompt and disable SELinux again, in > order to get in. What is the best way to reset SEL to its original state? Boot with enforcing=0 to come up in permissive mode (i.e. stay enabled, log any denials that would occur, but don't enforce them). Then look for avc denial messages in /var/log/messages or /var/log/audit/audit.log. Those will help indicate what it is going wrong and what needs to be fixed. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
