Odd messages during bootup from gdm

Gene Heskett gene.heskett at verizon.net
Fri May 5 13:39:22 UTC 2006


Jim Cornette wrote:
> Gene Heskett wrote:
>>>
>> I'll try it one more time, with it enabled.  But it seems to me that 
>> if restorecon cannot access the config file, and here I'm ASSUMING 
>> that the config file in question is /etc/selinux/config, then I doubt 
>> seriously that restorecon can even begin to rectify the problems.
>>
>> FWIW, here is an ls -lZa of /etc/selinux/config:
>> -rw-r--r--  root     root     system_u:object_r:file_t         /etc/selinux/config
>>
>> Is that anywhere near correct?  Editing has always been done with 
>> vim, as root.
>>
>
> I would not edit a bunch of files in order to relabel.
>
> 1). Boot with selinux=0 into runlevel 1
> 2). run fixfiles relabel and answer yes to clear the /tmp directory
> 3). Reboot the computer after fixfiles relabel is completed.
>
>
> This should relabel the system. (The law book for SELinux)
> After the relabeling, SELinux being enabled (The law enforcement 
> officer) should protect the system by the hopefully properly labeled 
> system.
>
> If this does not relabel your system properly, something is missing on 
> your system related to SELinux policy or functionality.
>
> Jim
>
I agree Jim, but at this stage, I've NDI what might be missing/munged.  
But let's start with the menu choices in system-config-security*, which 
doesn't allow some settings, hence the use of vim to set it.  If that 
"thing" is supposed to be the "approved" tool to do that, then let it 
fully control selinux.  What I have here is certainly crippled.

If this tool is supposed to be able to initiate a repairing relabel of 
the system, add an obvious way to do that to this utility and you'll cut 
the length of threads like this one down considerably.
This is, to me, a classic case of security through obscurity, where only 
the blessed gurus who wrote it are supposed to know all the incantations.

Thanks.

-- 
Cheers, Gene
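
Added example, not part of the original message or of any Fedora tool: a check that reads `ls -Z` style listings and reports files whose SELinux type is file_t (the type older policies show for a file with no label on disk) or unlabeled_t, which is a way to confirm whether the relabel discussed above is still needed or actually took effect. The function names and every sample line except the /etc/selinux/config one quoted in the thread are constructed, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: flag files that were never given an SELinux label.
# Reads `ls -Z` / `ls -lZ` lines on stdin, prints "path type" per flagged file.

find_unlabeled() {
    awk '
    {
        ctx = ""
        # The context column moves between ls versions, so search every
        # field for the user:role:type[:level] shape instead of fixing a column.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:.*)?$/) {
                ctx = $i
                break
            }
        }
        if (ctx == "") next              # no context shown on this line
        split(ctx, part, ":")            # part[3] is the SELinux type
        if (part[3] == "file_t" || part[3] == "unlabeled_t")
            print $NF, part[3]           # path is assumed to be the last field
    }'
}

# Sample listing: the first line is the one quoted in the thread,
# the remaining lines are constructed for this example.
sample_listing() {
    cat <<'EOF'
-rw-r--r--  root     root     system_u:object_r:file_t         /etc/selinux/config
-rw-r--r--  root     root     system_u:object_r:etc_t          /etc/hosts
-rw-r--r--. 1 root root system_u:object_r:unlabeled_t:s0 42 May  5 13:39 /srv/data/report.txt
drwxr-xr-x  root     root                                      /mnt/nolabel
EOF
}

# Stand-alone run over the sample; on a live system pipe in e.g. `ls -lZ /etc/selinux`.
sample_listing | find_unlabeled
```

Any path this prints after a completed `fixfiles relabel` and reboot points at the situation Jim describes, where something in the SELinux policy or its file-context configuration is missing.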




