Errors while rebooting (selinux related)

Jim Cornette jim-cornette at insight.rr.com
Fri Jun 11 00:41:08 UTC 2004


stucklep wrote:

>Hello,
>
>I get about 50 of these denied-type errors on reboot after installing
>Core 2.  What might be the problem(s)?
>
>Jun  9 19:09:23 owl kernel: audit(1086808127.591:0): avc:  denied  {
>getattr } for  pid=1 exe=/sbin/init path=/dev/initctl dev=hda3 ino=73171
>scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
>tclass=fifo_file
>
>Jun  9 19:09:23 owl kernel: audit(1086808127.591:0): avc:  denied  {
>read write } for  pid=1 exe=/sbin/init name=initctl dev=hda3 ino=73171
>scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
>tclass=fifo_file
>
>Jun  9 19:09:23 owl kernel: audit(1086808127.693:0): avc:  denied  {
>execute } for  pid=280 exe=/bin/bash name=hostname dev=hda3 ino=837233
>scontext=system_u:system_r:kernel_t
>tcontext=system_u:object_r:hostname_exec_t tclass=file
>
>Jun  9 19:09:23 owl kernel: audit(1086808127.693:0): avc:  denied  {
>execute_no_trans } for  pid=280 exe=/bin/bash path=/bin/hostname
>dev=hda3 ino=837233 scontext=system_u:system_r:kernel_t
>tcontext=system_u:object_r:hostname_exec_t tclass=file
>
>Jun  9 19:09:23 owl kernel: audit(1086808129.245:0): avc:  denied  {
>getattr } for  pid=279 exe=/sbin/initlog path=/dev/log dev=hda3
>ino=65676 scontext=system_u:system_r:kernel_t
>tcontext=system_u:object_r:file_t tclass=sock_file
>
>Jun  9 19:09:23 owl kernel: audit(1086808129.245:0): avc:  denied  {
>write } for  pid=279 exe=/sbin/initlog name=log dev=hda3 ino=65676
>scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
>tclass=sock_file
>
>Jun  9 19:09:23 owl kernel: audit(1086808129.330:0): avc:  denied  {
>syslog_console } for  pid=447 exe=/bin/dmesg
>scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t
>tclass=system
>
>Thanks for any assistance.
>
>Paul
>
>
>  
>
These messages are caused by SELinux needing to do things to set 
permissions and context right for it to work as designed. If you want to 
run selinux, there is a list that will help you with setting things up 
to work, as designed.

Otherwise, you might want to add to your /etc/grub.conf file the below:

 kernel /vmlinuz-2.6.6-1.406 ro root=LABEL=/ selinux=0

The selinux=0 is what you want to add to the kernel line. I just added 
my boot line so you know what line that I was referring to.

Also there is a way to set the selinux to off in some config file. I am 
not sure what it is. You might need to search the archives for how to 
disable SELinux.

I did notice two programs on my search for selinux on my computer. I 
have not tried to run them. They are listed below.
/usr/bin/selinuxdisable
/usr/bin/selinuxenabled

I imagine that one disables selinux, which you might desire. The other 
should enable selinux.

I hope running them dos not cause any problems.

Jim






More information about the fedora-list mailing list