Hello Miroslav,
Yes, indeed, usually I run in permissive mode around reboots to
forestall problems due to possible SELinux policy issues. Especially if
a SELinux policy update takes place I test it first in permissive mode
to ensure stability of the environment.
Sincerely, Erick
On 03/26/2013 11:32 AM, Miroslav Grepl wrote:
On 03/22/2013 04:31 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/22/2013 10:17 AM, Erick Staal wrote:
Hi,
After the last update of selinux to 3.11.1-86 the following error
appears
in /var/log/messages:
SELinux: Context
unconfined_u:system_r:unconfined_dbusd_t:s0-s0:c0.c1023
would be invalid if enforcing
Looks like that there is a problem with the selinux config for dbusd.
Can
anyone tell how to fix this?
Sincerely, Erick -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I have a feeling you can just ignore it.
Not sure it why you had this label mapped into your kernel.
system_r is not allowed to run unconfined_dbusd_t, which is basically
what the
kernel is telling you. Maybe prior to the update this was allowed.
but as
long as you did not have a process with this label on it, you would be
fine.
And there should be no way to get this label on an enforcing machine.
ps -eZ | grep unconfined_dbusd_t
If you get nothing that looks like system_r:unconfined_dbusd_t, you
should be
fine.
Also have you ever run in permissive mode?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFMeUoACgkQrlYvE4MpobMlggCghXY9vmlnxVqP/bcshvLJIq5Q
LsMAoKGDP0H3gAbGEHYXjuQ3Zc6ztGyW
=+MJJ
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
