SELinux Attack!
Karl Larsen
k5di at zianet.com
Mon Oct 15 15:08:11 UTC 2007
Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chris wrote:
>
>> On Sun, 14 Oct 2007 11:24:59 -0600
>> Karl Larsen <k5di at zianet.com> wrote:
>>
>>
>>> I have learned a lot about SELinux in the past week. It turns out
>>> the simple fix is to just turn it off. But it is possible I have
>>> learned to live with SELinux turned full on and what to do if there
>>> is trouble.
>>>
>>> This all started when I had to turn on SELinux to use a device,
>>> so I did and there was no problem. So I left it turned on. Then one
>>> morning I turned on my computer and instead of booting clear up in
>>> just one minute, it stopped when init tried to turn on "cups". It
>>> stayed there for 10 minutes! My thoughts were, how did I screw up the
>>> file system so bad? So turned off the boot and booted up in the
>>> rescue mode from a CD, and did #fsck /dev/sdb5 and it said there is
>>> nothing wrong.
>>>
>> I too had SELinux issues. Mine were of my own doing though. I soon
>> found out the easiest way to get my box to boot was as Karl mentioned,
>> boot from the CD and rescue it.
>>
>> I mounted the drive (as suggested) but simply edited
>> the /etc/selinux/config file with a simple
>>
>> SELINUX=disabled
>>
>> Bingo - that solved that, rebooted and all was good. What I did next
>> was simply tar up the /selinux directory from my lappy and then applied
>> the tarball to my desktop.
>>
>> Went back into SELinux and had it enabled and set it to relabel on next
>> boot-up.
>>
>> All seems fine after a week. Not sure how I mucked mine up, but I did
>> and this is what I did to correct my fat-fingering.
>>
>>
> A much easier way would have been
>
> boot the kernel and add to boot line
>
> enforcing=0 autorelabel
>
> This should put the machine in permissive mode and force a relabel.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFHE33brlYvE4MpobMRAk+jAJ466PtaC+nXH6v7Pf3VYkAx8H9cqwCfTSmN
> ElLUIMFlyIbCTWPhw/3jIH4=
> =931i
> -----END PGP SIGNATURE-----
>
>
What I did do was, using the GUI things on F7, turn on SELinux to
maximum protection and reboot. After 30 minutes of labeling files it
came up with no problems.
This morning it came up just fine with SELinux working.
--
Karl F. Larsen, AKA K5DI
Linux User #450462 http://counter.li.org.
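
A read-only check of the state the procedures in this thread leave behind, added here as an example and not part of any poster's message: it reads the `SELINUX=` line and the boot line and reports the resulting mode and whether a relabel is requested. The function names are hypothetical, the `/.autorelabel` flag file and the `selinux=0` parameter do not appear in the thread, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report how SELinux will come up on the next boot.
# Paths are parameters so the logic can be run against constructed files.

# Print the SELINUX= value from a config file (SELINUXTYPE= is not matched).
config_mode() {
    cfg="${1:-/etc/selinux/config}"
    # Ignore commented lines; the last SELINUX= assignment wins.
    m=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" \
        2>/dev/null | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$m" in
        enforcing|permissive|disabled) echo "$m" ;;
        *) echo "unknown" ;;
    esac
}

# Apply boot-line overrides: enforcing=0 (from the thread) and selinux=0.
effective_mode() {
    mode=$(config_mode "$1")
    for arg in $(cat "${2:-/proc/cmdline}" 2>/dev/null); do
        case "$arg" in
            selinux=0)   mode=disabled ;;
            enforcing=0) [ "$mode" = enforcing ] && mode=permissive ;;
        esac
    done
    echo "$mode"
}

# Succeeds if a relabel is requested by the flag file or by "autorelabel".
relabel_pending() {
    root="${1:-}"
    [ -e "$root/.autorelabel" ] && return 0
    for arg in $(cat "${2:-/proc/cmdline}" 2>/dev/null); do
        [ "$arg" = autorelabel ] && return 0
    done
    return 1
}

# Arguments: config file, cmdline file, filesystem root.
boot_report() {
    if relabel_pending "$3" "$2"; then r=yes; else r=no; fi
    echo "mode=$(effective_mode "$1" "$2") relabel=$r"
}

# Constructed sample: config says enforcing, boot line carries the reply's options.
demo=$(mktemp -d)
printf '# constructed sample\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo/config"
echo 'ro root=LABEL=/ rhgb quiet enforcing=0 autorelabel' > "$demo/cmdline"
boot_report "$demo/config" "$demo/cmdline" "$demo"
```

On a live system, `boot_report /etc/selinux/config /proc/cmdline ""` reads the real files; a result of `mode=disabled` means no labeling is maintained, which is why a relabel is needed before returning to enforcing.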