SELinux revisited

Gene Heskett gene.heskett at verizon.net
Thu Oct 18 08:14:29 UTC 2007


On Thursday 18 October 2007, Andy Green wrote:
>Somebody in the thread at some point said:
>> Greetings;
>>
>> Running 2.6.23 here, on a AMD XP-2800, gig of ram, lots of drive.
>>
>> I thought maybe I should give selinux another chance here.  So I removed
>> the selinux=0 in my grub.conf, and edited its .conf file in /etc/sysconfig
>> to set it for permissive.
>>
>> On the reboot, the relabel wasn't done, so I looked around and reset a
>> fresh /.autorelabel file and rebooted again.  It was already present
>> however.
>>
>> This time it did a very short autorelabel, maybe 2 screens full and was
>> done in just a couple of seconds, at which point it went into yet another
>> reboot cycle making me think it was stuck in a loop or something.
>
>Sounds like you are going about it in a good way FWIW.
>
>> But the next reboot then had auditd advise me there was an error in line
>> 16 of /etc/audit/auditd.rules.
>
>That file looks like this here, in full:
>
># This file contains the auditctl rules that are loaded
># whenever the audit daemon is started via the initscripts.
># The rules are simply the parameters that would be passed
># to auditctl.
>
># First rule - delete all
>-D
>
># Increase the buffers to survive stress events.
># Make this bigger for busy systems
>-b 320
>
># Feel free to add below this line. See auditctl man page
>
>
>Here's the state of the selinux packages here for reference
>
># rpm -qa | grep selinux
>libselinux-2.0.14-9.fc7
>libselinux-python-2.0.14-9.fc7
>selinux-policy-targeted-2.6.4-48.fc7
>selinux-policy-2.6.4-48.fc7
># rpm -qa | grep audit
>audit-libs-python-1.5.6-2.fc7
>audit-libs-1.5.6-2.fc7
>audit-1.5.6-2.fc7

All fc6 here, but uptodate.

># chkconfig --list | grep audit
>auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
>
>I would nuke the entries at the end of your /etc/audit/auditd.rules and
>retry.

I'll give that a shot tomorrow, its getting sleepy out around here, 4am & I've 
already lost any chance at beauty sleep, which wouldn't help at my age 
anyway. :)

>-Andy

Thanks Andy.


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
COBOL is for morons.
		-- E.W. Dijkstra




More information about the fedora-list mailing list