Errors while rebooting (selinux related)

Jim Cornette jim-cornette at insight.rr.com
Fri Jun 11 00:46:23 UTC 2004


Jim Cornette wrote:

...

>> Jun  9 19:09:23 owl kernel: audit(1086808129.330:0): avc:  denied  {
>> syslog_console } for  pid=447 exe=/bin/dmesg
>> scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t
>> tclass=system
>>
>> Thanks for any assistance.
>>
>> Paul
>>
>>
>>  
>>
> These messages are caused by SELinux needing to do things to set 
> permissions and context right for it to work as designed. If you want 
> to run selinux, there is a list that will help you with setting things 
> up to work, as designed.
>
> Otherwise, you might want to add to your /etc/grub.conf file the below:
>
> kernel /vmlinuz-2.6.6-1.406 ro root=LABEL=/ selinux=0
>
> The selinux=0 is what you want to add to the kernel line. I just added 
> my boot line so you know what line that I was referring to.
>
> Also there is a way to set the selinux to off in some config file. I 
> am not sure what it is. You might need to search the archives for how 
> to disable SELinux.
>
> I did notice two programs on my search for selinux on my computer. I 
> have not tried to run them. They are listed below.
> /usr/bin/selinuxdisable
> /usr/bin/selinuxenabled
>
> I imagine that one disables selinux, which you might desire. The other 
> should enable selinux. (wrong, they display status, see below)
>
> good luck,
> Jim
>
>
>
Just an addition to add what the programs do.
 


selinuxenabled(1)     SELinux Command Line documentation
selinuxenabled(1)

NAME
       selinuxenabled  -  tool to be used within shell scripts to
determine if
       selinux is enabled

SYNOPSIS
       selinuxenabled
       Command exits with status 0 if selinux is enabled -256  if  it
is  not
       enabled.

DESCRIPTION
       selinuxenabled Indicates whether SELinux is enabled or disabled.

AUTHOR
            Dan Walsh, <dwalsh at redhat.com>

SEE ALSO
       setenforce"(8)",getenforce"(8)"

dwalsh at redhat.com                7 April 2004
selinuxenabled(1)
(END)







More information about the fedora-list mailing list