Re: SELinux Policy in OpenSUSE 11.2

["Justin P. mattock" <justinmattock@xxxxxxxxx>]

On 02/17/2010 10:58 AM, Stephen Smalley wrote:
> On Wed, 2010-02-17 at 13:34 -0500, Alan Rouse wrote:
> > Here's some info about the system now (booting successfully to desktop with selinux enabled)
> >
> > /etc/selinux/config:
> > SELINUX=permissive
> > SELINUXTYPE=refpolicy-standard
> >
> > /etc/dbus-1/system.conf contains:
> > <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
> >
> > var/log/messages does not have any AVC messages in it.
> >
> > sestatus -v:
> > SELinux status:                 enabled
> > SELinuxfs mount:                /selinux
> > Current mode:                   permissive
> > Mode from config file:          permissive
> > Policy version:                 24
> > Policy from config file:        refpolicy-standard
> >
> > Process contexts:
> > Current context:                system_u:system_r:kernel_t
> > Init context:                   system_u:system_r:kernel_t
> > /sbin/mingetty                  system_u:system_r:kernel_t
> >
> > File contexts:
> > Controlling term:               system_u:object_r:devpts_t
> > /etc/passwd                     system_u:object_r:file_t
> > /etc/shadow                     system_u:object_r:file_t
> > /bin/bash                       system_u:object_r:file_t
> > /bin/login                      system_u:object_r:file_t
> > /bin/sh                         system_u:object_r:file_t ->  system_u:object_r:file_t
> > /sbin/agetty                    system_u:object_r:file_t
> > /sbin/init                      system_u:object_r:file_t
> > /sbin/mingetty                  system_u:object_r:file_t
> > /usr/sbin/sshd                  system_u:object_r:file_t
> > /lib/libc.so.6                  system_u:object_r:file_t ->  system_u:object_r:file_t
> > /lib/ld-linux.so.2              system_u:object_r:file_t ->  system_u:object_r:file_t
>
> Ok, so all of your processes are still running in kernel_t, and all of
> your files are labeled file_t.  You need to label your filesystems and
> reboot.

o.k. doing a touch .autorelabel doesnt get the
filesystem to automatically relabel, so I
just did fixfiles relabel

now rebooting causes gdm to really crashes and burns
i.g. before gdm would try and giveup on the 5 attempt,
now it just exits out without even trying like before
(i.g. before screen login appears, then goes back to init3, now after 
relabel just shows an error exit message and thats it.)


wow!! never experienced such a failure with wrong file labels
on a system(even when running nubuntu)..


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.