On Wed, 2010-02-17 at 11:47 -0800, Justin P. mattock wrote: > On 02/17/2010 10:58 AM, Stephen Smalley wrote: > > On Wed, 2010-02-17 at 13:34 -0500, Alan Rouse wrote: > >> Here's some info about the system now (booting successfully to desktop with selinux enabled) > >> > >> /etc/selinux/config: > >> SELINUX=permissive > >> SELINUXTYPE=refpolicy-standard > >> > >> /etc/dbus-1/system.conf contains: > >> <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include> > >> > >> var/log/messages does not have any AVC messages in it. > >> > >> sestatus -v: > >> SELinux status: enabled > >> SELinuxfs mount: /selinux > >> Current mode: permissive > >> Mode from config file: permissive > >> Policy version: 24 > >> Policy from config file: refpolicy-standard > >> > >> Process contexts: > >> Current context: system_u:system_r:kernel_t > >> Init context: system_u:system_r:kernel_t > >> /sbin/mingetty system_u:system_r:kernel_t > >> > >> File contexts: > >> Controlling term: system_u:object_r:devpts_t > >> /etc/passwd system_u:object_r:file_t > >> /etc/shadow system_u:object_r:file_t > >> /bin/bash system_u:object_r:file_t > >> /bin/login system_u:object_r:file_t > >> /bin/sh system_u:object_r:file_t -> system_u:object_r:file_t > >> /sbin/agetty system_u:object_r:file_t > >> /sbin/init system_u:object_r:file_t > >> /sbin/mingetty system_u:object_r:file_t > >> /usr/sbin/sshd system_u:object_r:file_t > >> /lib/libc.so.6 system_u:object_r:file_t -> system_u:object_r:file_t > >> /lib/ld-linux.so.2 system_u:object_r:file_t -> system_u:object_r:file_t > > > > Ok, so all of your processes are still running in kernel_t, and all of > > your files are labeled file_t. You need to label your filesystems and > > reboot. > > > > o.k. doing a touch .autorelabel doesnt get the > filesystem to automatically relabel, so I > just did fixfiles relabel > > now rebooting causes gdm to really crashes and burns > i.g. before gdm would try and giveup on the 5 attempt, > now it just exits out without even trying like before > (i.g. before screen login appears, then goes back to init3, now after > relabel just shows an error exit message and thats it.) > > > wow!! never experienced such a failure with wrong file labels > on a system(even when running nubuntu).. Boot with enforcing=0 and look at your avc messages. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
