i am logging on local machine directly and if i put msl in permissive mode it will just generate logs for the policy violation which is expected in permissive but if i am unable to use mls in enforcing mode then it is quit wrong behavior
On Thu, Oct 27, 2016 at 1:27 AM, Harry Waddell <waddell@xxxxxxxxxxxxxxxx> wrote:
Agreed. At this point, I think the only recourse for Kashif is toOn Wed, 26 Oct 2016 10:17:27 -0400
Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 10/26/2016 03:47 AM, Kashif ali wrote:
> > Hi
> > Hope you're fine i know your busy but i need your little time if you
> > can manage that will be great for me.
> > i'm facing an issue in MLS Policy of Selinux when i relabel the system
> > and reboot it it won't allow me to login(i'm signing in my machine ) i
> > used these commands
> > * set the selinux to enforcing
> > * touch ./autorelabel for relabeling the system
> > * and then reboot the system and it won't allow me to login
> >
> > Kindly help in this problem because i'm stuck in it for a while and it
> > will be very greatful. Thanks
>
> Generally it is a good idea to first bring up the system in permissive
> when switching to MLS, and check that there are no residual denials or
> other SELinux errors that need to be addressed before putting it into
> enforcing mode. We would need to see the actual error messages to help
> debug further. And it would help to specify your specific distribution
> and version.
>
boot the system into rescue mode, e.g. using the install dvd,
mount the filesystem, and edit the /etc/sysconfig/selinux file to
change enforcing to permissive.
Saying "it won't allow me to login" is too vague. Is "me" root?
Is login from the console of via ssh? It could be that a boolean
needs to be changed, but that's just speculation at this point.
Once it's in permissive mode, hopefully the problem will be somewhat obvious.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
