Understanding SELinux
Giuseppe Greco
giuseppe.greco at agamura.com
Sun Dec 5 10:38:04 UTC 2004
Thanks Tom,
the situation is now much better... I'm able to start squid,
but I still get the following two error messages:
Starting squid: audit(1102241826.255.0): avc: denied { getattr } for
pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
tclass=dir
audit(1102241826.255.0): avc: denied { getattr } for
pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2
scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
tclass=dir
It looks like there are problems with directories /boot and /tmp...
What's strange is that I get these error messages on a machine where
I just upgraded from FC1 to FC3... I've also another machine on
which I installed FC3 from scratch and here I've no problems at all.
j3d.
On Sat, 2004-12-04 at 16:34 -0800, Tom London wrote:
> I'm guessing that your filesystem is not labeled at all.
>
> You can relabel your entire system by doing
> touch /.autorelabel
> and then rebooting
> or by running
> fixfiles relabel
> and then rebooting
>
> That should get the labeling done on the boot up.
>
> You may want to go get a cup of coffee, it will
> likely take a while (say, 10-20 minutes).
>
> [The 'chcon' is failing because the SELinux label
> for /var/log/boot.log look something like:
> 'system_u:object_r:var_log_t'. You were only
> providing the last component ...]
>
> tom
>
--
----------------------------------------
Giuseppe Greco
::agamura::
phone: +41 (0)91 604 67 65
mobile: +41 (0)79 602 99 27
email: giuseppe.greco at agamura.com
web: www.agamura.com
----------------------------------------
More information about the fedora-selinux-list
mailing list