more on selinux
Stephen Smalley
sds at tycho.nsa.gov
Thu Dec 7 14:05:50 UTC 2006
On Wed, 2006-12-06 at 16:41 -0600, olga at urbantimes.net wrote:
> It seems that mysql and other services have problem (syslog won't start
> either) because certain libraries won't load. Now I come up with this
> message:
>
> Starting system logger: syslogd: error while loading shared libraries:
> libc.so.6: cannot open shared object file: Permission denied
>
> I get similar libc.* errors for other services, including mysql.
>
> If seen posts with others having the same message, but they got rid of it
> by disabling selinux.
>
> Does anyone know how to solve this without disabling selinux?
This suggests that your filesystem is not labeled correctly, e.g. if you
disabled SELinux earlier and installed some updates (like glibc), then
those files wouldn't have the necessary security labels. You can
selectively relabel files or directories via restorecon,
e.g. /sbin/restorecon -R /lib, but you may need to perform a full
filesystem relabel to ensure complete coverage (touch /.autorelabel;
reboot). If even that doesn't work, boot with "enforcing=0 single" on
the kernel command line to come up in permissive mode (don't deny
anything, just log) and in single-user mode, and then run "fixfiles
relabel", then reboot.
--
Stephen Smalley
National Security Agency
More information about the fedora-list
mailing list