On Sun, 25 Apr 2010 11:04:31 +0200 Dominick Grift <domg472@xxxxxxxxx> wrote: > On Sat, Apr 24, 2010 at 04:56:00PM -0400, Steve Blackwell wrote: ... > > My logwatch report gives me 20 or 30 lines of : > > > > NULL security context for user, but SELinux in permissive mode, > > continuing () > > > > in the cron section. Then I looked in /var/log/dmesg and I see this > > line: > > > > SELinux: 8 users, 12 roles, 2527 types, 119 bools, 1 sens, 1024 cats > > > > System->Administration->SELinux Management, select SELinux User, > > shows 8 SELinux users: ... > > > > OK, that looks good but when, as root, I run: > > > > # semanage login -l > > > > Login Name SELinux User MLS/MCS > > Range > > > > __default__ unconfined_u > > s0-s0:c0.c1023 root unconfined_u > > s0-s0:c0.c1023 system_u system_u > > s0-s0:c0.c1023 > > > > hmmm... only 3 users. It this a problem or is it telling me that > > only 3 SELinuux users are currently in use (ie assign to any Linux > > user) because I'm running in permissive mode? > > This should not be a problem because new users get mapped under > __default__ by default, which is mapped to unconfined_u selinux user. > > > > > How can I find out which user has a "NULL security context"? > > Good question, my gut feeling tells me it unconfined_u but i am not > sure. > > If there is no bug in Fedora 11 selinux policy then you could > consider reinstalling the policy. > > The procedure for reinstalling policy is as follows. > > 1. setenforce 0 (put selinux in permisive mode) > 2. rpm -ev selinux-policy selinux-policy-targeted (de-install selinux > policy) > 3. mv /etc/selinux/targeted /etc/selinux/targeted.backup > (remove -backup- the old selinux policy config) > 4. yum install > selinux-policy selinux-policy-targeted (-re- install fresh selinux > policy) > 5. fixfiles restore (restore contexts) > 6. reboot I tried this procedure and at step 2 I also had to remove oolicycoreutils-gui and setroubleshoot because of dependencies and then reinstall them at step 4. Step 5 started and bailed out with these errors: # fixfiles restore ********************/sbin/setfiles: unable to stat file /home/steve/.gvfs: Permission denied /sbin/setfiles: error while labeling /: Permission denied /sbin/setfiles: error while labeling /boot: Permission denied /sbin/setfiles: error while labeling /media/bbbbbbbb-aaaa-zzzz-yyyy-xxxxxxxx: Permission denied The /media/... is an external USB harddrive that I use for backups. Can I ignore these errors or do they need to be resolved. Thanks, Steve -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
