SELinux Attack!

Karl Larsen k5di at zianet.com
Mon Oct 15 15:08:11 UTC 2007


Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chris wrote:
>   
>> On Sun, 14 Oct 2007 11:24:59 -0600
>> Karl Larsen <k5di at zianet.com> wrote:
>>
>>     
>>>     I have learned a lot about SELinux in the past week. It turns out 
>>> the simple fix is to just turn it off. But it is possible I have
>>> learned to live with SELinux turned full on and what to do if there
>>> is trouble.
>>>
>>>     This all started when I had to turn on SELinux to use a device,
>>> so I did and there was no problem. So I left it turned on. Then one
>>> morning I turned on my computer and instead of booting clear up in
>>> just one minute, it stopped when init tried to turn on "cups". It
>>> stayed there for 10 minutes! My thoughts were, how did I screw up the
>>> file system so bad? So turned off the boot and booted up in the
>>> rescue mode from a CD, and did #fsck /dev/sdb5 and it said there is
>>> nothing wrong.
>>>       
>> I too had SELinux issues. Mine were of my own doing though. I soon
>> found out the easies way to get my box to boot was as Karl mentioned,
>> boot from the CD and rescue it. 
>>
>> I mounted the drive (as suggested) but simply edited
>> the /etc/selinux/config file with a simple
>>
>> SELINUX=disabled
>>
>> Bingo - that solved that, rebooted and all was good. What I did next
>> was simply tar up the /selinux directory from my lappy and then applied
>> the tarball to my desktop.
>>
>> Went back into SELinux and had it enabled and set it to relabel on next
>> boot-up.
>>
>> All seems fine after a week. Not sure how I mucked mine up, but I did
>> and this is what I did to correct my fat-fingering.
>>
>>     
> A much easier way would have been
>
> boot the kernel and add to boot line
>
> enforcing=0 autorelabel
>
> This should put the machine in permissive mode and force a relabel.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFHE33brlYvE4MpobMRAk+jAJ466PtaC+nXH6v7Pf3VYkAx8H9cqwCfTSmN
> ElLUIMFlyIbCTWPhw/3jIH4=
> =931i
> -----END PGP SIGNATURE-----
>
>   
    What I did do was using the gui things on F7 I turned on SELinux to 
maximum protection and rebooted. After 30 minutes of labeling files it 
came up no problems.
This morning it came up just fine with SELinux working.

-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.




More information about the fedora-list mailing list