On Mon, 2009-08-10 at 10:26 -0700, Peter Joseph wrote: > >>> It was the unconfined_login boolean that got him > >> > >> So disabling unconfined_login boolean stopped him from being able to > >> login? > > That is correct. > > [root@rf57 active]# cat booleans.local > # This file is auto-generated by libsemanage > # Do not edit directly. > > allow_xserver_execmem=1 > unconfined_login=0 > __________________________________ > > Not being able to solve the problem I re-installed F11 and change the > default setting of unconfined_login again. Sure enough, the only way to > get back in is by setting selinux=0. > > I tried all sorts of ways to restore it to its default, but the problem I am > running into is: > > root@rf57 r5f7]# /usr/sbin/getenforce > Disabled > > [root@rf57 r5f7]# /usr/sbin/getsebool unconfined_login > /usr/sbin/getsebool: SELinux is disabled > > [root@rf57 selinux]# setsebool unconfined_login 1 > setsebool: SELinux is disabled. > > There has to be a way of getting around this. Hmm..setsebool probably shouldn't require SELinux to be enabled (but you'd want the -P option anyway to set it persistently). What about semanage or system-config-selinux, e.g.: semanage boolean -m --on unconfined_login Or you could edit the file directly (despite the comments) and run semodule -B afterward. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
