do I need SELinux?
Jim Cornette
fc-cornette at insight.rr.com
Sat Nov 20 06:49:39 UTC 2004
Daniel J Walsh wrote:
> Steven Stern wrote:
>
>> On Fri, 12 Nov 2004 11:07:00 -0500, Daniel J Walsh <dwalsh at redhat.com>
>> wrote:
>>
>>
>>
>>> Steven Stern wrote:
>>>
>>>
>>
>>
>>
>>
>>>> Edit /etc/selinux/config and change the type of policy to
>>>> SELINUXTYPE=policyname.
>>>> What should "policyname" be?
>>>>
>>>>
>>>>
>>>
>>> targeted
>>>
>>> You can try to convert to an SELinux environment by doing the following.
>>>
>>>
>>>> yum install selinux-policy-targeted
>>>> touch /.autorelabel
>>>> reboot
>>>>
>>
>>
>> I tried it. On startup, NFSD failed, my milters failed, and nothing was
>> logging to /var/log/messages.
>>
>> I changed to permissive and extracted all "avc:" messages from the
>> log. The
>> log is attached as avc.txt. For now, I've changed the config to
>> disabled. It
>> looks like SELINUX was either incompletely installed or not completely
>> configured. I suppose that enabling it only on fresh installs is a
>> very good
>> idea!
>>
I have the same type of errors that you descibe. This system was a
pre-selinux system so I decided to use up2date to grab
selinux-policy-targeted. The only packages installed with selinux in the
heading are listed below.
rpm -qa |grep selinux
selinux-policy-targeted-1.17.31-1
libselinux-1.19.1-3
> It does not look like the relabel was successful. Try booting as single
> user, run fixfiles relabel and reboot.
>
fixfiles relabel comes back with a command not found. I am using up2date
to get the strict policy and to see if any deps are pulled in which
include fixfiles.
Jim
>
> Dan
>
--
To err is human, to forgive is against company policy.
More information about the fedora-list
mailing list