Re: Help with messed up F11 SELinux

On Mon, 26 Apr 2010 09:27:34 +0200
Dominick Grift <domg472@xxxxxxxxx> wrote:


> > > > [root@steve ~]# fixfiles
> > > > restore ********************/sbin/setfiles:  unable to stat
> > > > file /home/steve/.gvfs: Permission denied 
> > > > /sbin/setfiles:  error while labeling /:  Permission
> > > > denied 
> > > > /sbin/setfiles:  error while labeling /boot:  Permission
> > > > denied 
> > > > /sbin/setfiles:  error while
> > > > labeling /media/blah-blah:  Permission denied
> > > 
> > > in /etc/selinux/config set "SELINUX=permissive"
> > > 
> > > then do: touch /.autorelabel && reboot
> > > 
> > 
> > OK, I did that and I still get these messages in /var/log/dmesg:
> 
> If relabeling succeeded these issues should be fixed now.
> You can check by listing: "ls -alZ /etc/rc.d/init.d/mysqld"
> 
> if the type returned is mysqld_initrc_exec_t, then it's fixed
> if the type returned is unlabeled_t, then something went wrong.

The type is mysqld_initrc_exec_t so it must be fixed. 
Things have definitely improved. I'm not getting streams of AVCs any
more when I open the services GUI. Thank you, Dominick!

I do still have one (so far) problem though. When I tried to point my
browser at my local BackupPC server page I get an "Unable to Connect"
message and an AVC:

Raw Audit Messages :
node=steve.blackwell type=AVC msg=audit(1272289200.98:138): avc: denied
{ write } for pid=31707 comm="perl5.10.0" name="BackupPC.sock" dev=dm-0
ino=36667496 scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file

node=steve.blackwell type=SYSCALL msg=audit(1272289200.98:138):
arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfbd44e0
a2=cfe4ac a3=9317008 items=0 ppid=2037 pid=31707 auid=4294967295 uid=48
gid=48 euid=495 suid=495 fsuid=495 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="perl5.10.0" exe="/usr/bin/perl5.10.0"
subj=system_u:system_r:httpd_t:s0 key=(null)

Now I know I could change the context of that socket file, but I'm
guessing that it gets created every time and so that is not a permanent
solution. Is there a boolean I need to set (nothing looked obvious), or
perhaps a BackupPC policy I need to install?

Thanks,
Steve
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
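
An added example, not part of the original post or of any SELinux tool: the two raw audit records quoted in the message, parsed and merged by their shared event id so the AVC denial can be read together with the failing system call. The function names are hypothetical and the sample is the quoted records rejoined onto one line each.

```python
import errno
import re

# Constructed sample: the two records quoted above, un-wrapped to one line each.
SAMPLE = (
    'node=steve.blackwell type=AVC msg=audit(1272289200.98:138): avc: denied { write } '
    'for pid=31707 comm="perl5.10.0" name="BackupPC.sock" dev=dm-0 ino=36667496 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 '
    'tclass=sock_file\n'
    'node=steve.blackwell type=SYSCALL msg=audit(1272289200.98:138): arch=40000003 '
    'syscall=102 success=no exit=-13 a0=3 a1=bfbd44e0 a2=cfe4ac a3=9317008 items=0 '
    'ppid=2037 pid=31707 auid=4294967295 uid=48 gid=48 euid=495 suid=495 fsuid=495 '
    'egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="perl5.10.0" '
    'exe="/usr/bin/perl5.10.0" subj=system_u:system_r:httpd_t:s0 key=(null)\n'
)

EVENT = re.compile(r'msg=audit\(([\d.]+:\d+)\):')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
SOCKETCALL = {1: "socket", 2: "bind", 3: "connect"}  # i386 socketcall(2) sub-calls

def parse_events(text):
    """Merge the key=value fields of all records that share one audit event id."""
    events = {}
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ev = events.setdefault(m.group(1), {})
        body = line[m.end():]
        for key, value in KV.findall(body):
            ev.setdefault(key, value.strip('"'))
        denied = PERMS.search(body)
        if denied:
            ev["perms"] = denied.group(1).split()
    return events

def explain(ev):
    """Reduce a merged AVC+SYSCALL event to the facts needed for triage."""
    out = {
        "source_type": ev["scontext"].split(":")[2],
        "target_type": ev["tcontext"].split(":")[2],
        "tclass": ev["tclass"], "perms": ev["perms"],
        "errno": errno.errorcode.get(-int(ev["exit"])),
    }
    # arch 40000003 is AUDIT_ARCH_I386; there syscall 102 is socketcall, a0 picks the call
    if ev.get("arch") == "40000003" and ev.get("syscall") == "102":
        out["call"] = SOCKETCALL.get(int(ev["a0"], 16), "socketcall")
    return out
```

For the quoted event, `explain(parse_events(SAMPLE)["1272289200.98:138"])` reports `httpd_t` denied `write` on a `sock_file` labeled `var_log_t`, with the `connect` call failing with `EACCES`.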
