On Mon, Aug 10, 2009 at 7:45 AM, Stephen Smalley<sds@xxxxxxxxxxxxx> wrote: > On Sat, 2009-08-08 at 00:45 -0700, Justin P. Mattock wrote: >> Peter Joseph wrote: >> >> enforcing =0 should work. >> >> are you putting it the right area in grub/lilo? >> >> also you should be able to just change >> >> /etc/selinux/config >> >> set to permissive mode to avoid using the boot command line. >> >> or >> >> setenforce 0 >> >> and >> >> echo 0> /selinux/enforce >> >> to put the policy in permissive mode until things get cleaned. >> >> Justin P. Mattock >> >> >> > -- >> > SELinux has to be completely DISABLED for anybody to log in. Changing >> > /etc/selinux/config to a permissive mode is of no use. >> > I am thinking about trying to change all booleans from deny to allow (wow, >> > what a monstrous task). After all, that is how this trouble started in the >> > first place. >> > PJ >> > >> > fedora-selinux-list mailing list >> > fedora-selinux-list@xxxxxxxxxx >> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> > >> > >> > >> > >> yeah but booleans don't mess with the >> MBR or the bootloader of the kernel? > > No, they are part of the policy image (if set persistently). > > But the booleans only affect what allow rules are enabled at any given > time. If the system is in permissive mode, then the boolean settings > shouldn't prevent anything from working; they will just affect what avc > denials get logged. > > enforcing=0 on the kernel command line or SELINUX=permissive > in /etc/selinux/config should resolve any SELinux-related denials. > > Out of curiosity, you didn't happen to change the xserver_object_manager > boolean, did you? > It was the unconfined_login boolean that got him. -- The convoluted wording of legalisms grew up around the necessity to hide from ourselves the violence we intend toward each other. Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. You have done violence to him, consumed his energy. Elaborate euphemisms may conceal your intent to kill, but behind any use of power over another the ultimate assumption remains: "I feed on your energy." -Addenda to Orders in Council The Emperor Paul Muad'dib -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
