installation of selinux on non-selinux system

Jim Cornette jim-cornette at insight.rr.com
Sun Nov 21 13:40:40 UTC 2004 

Daniel J Walsh wrote:

> Jim Cornette wrote:
>
>> After upgrading a computer from FC2 to FC3, I decided to give SELinux 
>> a shot and used up2date to retrieve the rpm for 
>> selinux-policy-targeted  and expected for all needed deps to be 
>> pulled in. The other dependent ackages did not get pulled in with 
>> this selection. I ended up having system messages not being 
>> accessable and also httpd being damened with errors. I supposed that 
>> there was an abnormality on my particular system. Within recent days, 
>> I have noted others experiencing similar failures on the fedora-list. 
>> I then decided that this might e a more common prblem than first 
>> expected.
>>
>> Another Fedora user was asking questions regarding running fixfiles 
>> relabel. I noticed that I also did not have fixfiles installed.
>> <>
>
> You need to install policycoreutils and relabel the file system.
>
Thanks Dan for the name of the rpm that is needed for fixfiles so 
relabeling can be performed. My main question is for those systems that 
are upgraded from non-selinux to systems where selinux is desired to be 
added.
If one was to install selinux-policy-targeted via a repository 
installation, up2date in my case. I would expect the inclusion of other 
deps being pulled in.
Selinux gives sort of a working system when using 
system-config-securitylevel to enable selinux via the gui. I am not too 
sure if this would introduce "dep hell" if having policycoreutils pulled 
in when selinux-policy for targeted or strict is pulled from a repo.

After relabeling my filesystem again in runlevel 1, I seem to get the 
same type of errors as experienced before. .mozilla related files seemed 
to be the major files that content was tried to be changed, when  
relabeling for strict. See attached avc for today.
In order to bring up X, running setenforce 0 at a root shell was needed, 
in order to launch X successfully. If there is  some lingering config 
file, either systemwide or hanging out in the per user directory that is 
blocking X, I don't know.

Thanks,
Jim

> Dan

-- 
Peers's Law:
	The solution to a problem changes the nature of the problem.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: after-relabel-no-X
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041121/c3aff238/attachment.ksh>

More information about the fedora-selinux-list mailing list