setsebool sandbox error on FC6
Stephen Smalley
sds at tycho.nsa.gov
Thu Nov 2 13:25:01 UTC 2006
(please disable html mail at least when posting to public lists)
On Thu, 2006-11-02 at 03:02 -0800, Arthur M. Kang wrote:
> On a fresh install of FC6, I'm getting errors when trying to use the
> setsebool command.
>
> # setsebool httpd_disable_trans 1
> libsemanage.semanage_commit_sandbox: Error while
> renaming /etc/selinux/targeted/modules/active
> to /etc/selinux/targeted/modules/previous.
> Could not change policy booleans
This usually means that there is a labeling problem with /etc/selinux.
Run /sbin/restorecon -R /etc/selinux/targeted/modules. Then try again.
Check for audit messages in /var/log/messages
or /var/log/audit/audit.log (the latter if running auditd).
> Has anyone else experienced similar problems? Is there a problem on
> my end? Is there a fix?
>
> Although the error message is generated, the boolean does get set.
> However, the -P switch doesn't work and the boolean won't stick across
> reboots.
>
> Is there an alternate method to remotely configure booleans that stick
> across reboots?
>
> Any help is appreciated.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list