Selinux so badly corrupted machine can't start

Tony Nelson tonynelson at georgeanelson.com
Wed Jun 20 02:45:38 UTC 2007


At 9:41 PM -0400 6/19/07, Michael Wiktowy wrote:
>On 6/18/07, Tony Nelson <tonynelson at georgeanelson.com> wrote:
>> At 5:20 PM -0400 6/18/07, Michael Wiktowy wrote:
>> >Couldn't you just change your grub entry to include enforcing=0 at the
>> >boot menu without the Rescue CD step?
>>
>> How would that create the file /.autorelabel?  How would you plan to edit
>> grub.conf when the system won't boot due to SELinux labeling issues?
>
>You can press "e" on any grub entry to edit it on boot. This will
>allow you to make changes for just that boot time ... not permanently.

You repeat the obvious steps that have been listed often in this thread.
We know that already.  Do you know the kernel parameter to cause SELinux to
relabel, without booting and doing `touch /.autorelabel`?  Hint: if you
read the whole thread, you'll find it.


>> >I would think that selinux would autorelabel whether it is enforcing
>> >or not. Just as long as it is enabled.
>>
>> It will try.  If the SELinux labels are wrong enough it will fail, and the
>> system will be in at least as bad shape as before.
>
>If enforcing is off, selinux isn't going to stop anything. But it will
>continue to log nastiness so it might help to determine what is going
>wrong.

Again you state the obvious.  Do you know what happens if SELinux is in
enforcing mode when relabeling?

You haven't been paying attention.
-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
      '                              <http://www.georgeanelson.com/>



