On Sat, 2009-08-08 at 00:45 -0700, Justin P. Mattock wrote: > Peter Joseph wrote: > >> enforcing =0 should work. > >> are you putting it the right area in grub/lilo? > >> also you should be able to just change > >> /etc/selinux/config > >> set to permissive mode to avoid using the boot command line. > >> or > >> setenforce 0 > >> and > >> echo 0> /selinux/enforce > >> to put the policy in permissive mode until things get cleaned. > >> Justin P. Mattock > >> > > -- > > SELinux has to be completely DISABLED for anybody to log in. Changing > > /etc/selinux/config to a permissive mode is of no use. > > I am thinking about trying to change all booleans from deny to allow (wow, > > what a monstrous task). After all, that is how this trouble started in the > > first place. > > PJ > > > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > > > > > > > yeah but booleans don't mess with the > MBR or the bootloader of the kernel? No, they are part of the policy image (if set persistently). But the booleans only affect what allow rules are enabled at any given time. If the system is in permissive mode, then the boolean settings shouldn't prevent anything from working; they will just affect what avc denials get logged. enforcing=0 on the kernel command line or SELINUX=permissive in /etc/selinux/config should resolve any SELinux-related denials. Out of curiosity, you didn't happen to change the xserver_object_manager boolean, did you? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
