Hi All<br><br>I have configured SELinux on ContOS 5.1. I have configured the RBAC using MLS (Multilevel Security) Policy. <br>Now i am trying to restart the system services and they are not restarting and it is throwing some error message. <br>
I have a question here, with mls policy enabled will i be able to restart the system service? If yes then what to do and If no what is the reason? <br> <br>Steps to reproduce:<br><br>1) MLS Policy configuration.<br><br>1. Install selinux-policy-mls<br>
2. Set SELINUXTYPE=MLS in /etc/selinux/config file<br>3. touch ./autorelabel; on root's home directory, and reboot the machine.<br>4. While machine is rebooting, change the GRUB parameter.<br>enforcing=0 <br><br>2) Now system is in permissive mode and SELinux status is as follows.<br>
<br># sestatus<br>SELinux status: enabled<br>SELinuxfs mount: /selinux<br>Current mode: permissive<br>Mode from config file: enforcing<br>Policy version: 21 <br>
policy from config file: mls <br><br>3) Restart the system services and they restart successfully.<br><br>[root@turtle11 ~]# service nfs restart<br>Shutting down NFS mountd: [FAILED]<br>
Shutting down NFS daemon: [FAILED]<br>Shutting down NFS quotas: [FAILED]<br>Shutting down NFS services: [FAILED]<br>Starting NFS services: [ OK ]<br>
Starting NFS quotas: [ OK ]<br>Starting NFS daemon: [ OK ]<br>Starting NFS mountd: [ OK ]<br>
<br>4) Now i am setting enforcing mode using setenforce command.<br> <br>root@turtle11 ~]#setenforce 1<br>root@turtle11 ~]# sestatus<br>SELinux status: enabled<br>SELinuxfs mount: /selinux<br>Current mode: enforcing<br>
Mode from config file: enforcing<br>Policy version: 21 <br>Policy from config file: mls <br> <br>5) a) Now system is in enforcing mode and i am trying to restart the system service. The restart will result in error message.<br>
<br>root@turtle11 ~]#service nfs restart<br>/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory<br>/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory <br>
nfs: unrecognized service<br><br>b) When I trying to login it will show the following error.<br><br>turtle login: smbldap3<br>/bin/login:error while loading shared libraries: libcrypt.so.1:failed to map segment from shared object: Permission denied<br>
/sbin/mingetty: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied<br> <br>c) When using su command.<br><br>root@turtle11 ~]# su smbldap3<br>su: error while loading shared libraries: libpam.so.0: failed to map segment from shared object: Permission denied<br>
<br>I am not sure what is going on. I referred to many websites and PDFs but couldn't get the proper solution.<br><br>please help me.<br> <br>Thanks<br>Prakash.<br><br><br>