FC3 Strict Policy

Bob Kashani bobk at ocf.berkeley.edu
Sat May 28 01:41:44 UTC 2005


Try relabeling:

touch /.autorelabel

Then reboot your system.

Bob

On Fri, 2005-05-27 at 15:42 -0700, Jeremy Utley wrote:
> Hello Everyone!
> 
> I'm trying my first foray into experimenting with SELinux, and am
> failing before I even get very far.  I've installed Fedora Core 3 and
> have enabled the SELinux strict policy.  The only way I can log into
> the system now is if I put the system into permissive mode.  Here's
> the denied errors I'm getting:
> 
> May 27 15:15:18 localhost kernel: audit(1117232118.583:0): avc: 
> denied  { getattr } for  pid=4380 exe=/sbin/unix_chkpwd
> path=/var/run/winbindd dev=sda1 ino=1653914
> scontext=system_u:system_r:system_chkpwd_t
> tcontext=system_u:object_r:var_run_t tclass=dir
> May 27 15:15:18 localhost kernel: audit(1117232118.586:0): avc:  denied  { read
> write } for  pid=4381 exe=/sbin/unix_chkpwd name=tty2 dev=tmpfs
> ino=2025 scontext=system_u:system_r:system_chkpwd_t
> tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
> May 27 15:15:18 localhost kernel: audit(1117232118.589:0): avc: 
> denied  { getattr } for  pid=4291 exe=/bin/login
> path=/var/run/winbindd dev=sda1 ino=1653914
> scontext=system_u:system_r:local_login_t
> tcontext=system_u:object_r:var_run_t tclass=dir
> May 27 15:15:18 localhost kernel: audit(1117232118.590:0): avc: 
> denied  { getattr } for  pid=4291 exe=/bin/login path=/root dev=sda1
> ino=1864129 scontext=system_u:system_r:local_login_t
> tcontext=root:object_r:staff_home_dir_t tclass=dir
> 
> The system is fully up to date via yum.  I realize some problems can
> be expected when using the strict policy as opposed to targeted - but
> I can't believe the strict policy would ship in a configuration that
> prevents logging into the system.
> 
> Anyone got any suggestions - I can't believe I'm the only person who's
> faced this, but I did a lot of searching online and couldn't find
> anything.
> 
> Jeremy
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- 
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
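
An added example, not part of either poster's message: Python that reads AVC denials in the format quoted above, undoes the mail quoting and line wrapping, and lists each denied object with its current label, so those labels can be compared before and after a relabel. The function names and the SAMPLE text (two of the quoted denials) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two of the denials quoted above, mail wrapping kept.
SAMPLE = """\
> May 27 15:15:18 localhost kernel: audit(1117232118.583:0): avc:
> denied  { getattr } for  pid=4380 exe=/sbin/unix_chkpwd
> path=/var/run/winbindd dev=sda1 ino=1653914
> scontext=system_u:system_r:system_chkpwd_t
> tcontext=system_u:object_r:var_run_t tclass=dir
> May 27 15:15:18 localhost kernel: audit(1117232118.586:0): avc:  denied  { read
> write } for  pid=4381 exe=/sbin/unix_chkpwd name=tty2 dev=tmpfs
> ino=2025 scontext=system_u:system_r:system_chkpwd_t
> tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
"""

def parse_avc(text):
    """Return one dict per 'avc: denied' record found in text."""
    text = re.sub(r"^> ?", "", text, flags=re.M)   # drop mail quote markers
    flat = " ".join(text.split())                   # undo line wrapping
    records = []
    for chunk in re.split(r"(?=audit\()", flat):    # one chunk per audit record
        m = re.search(r"avc:\s*denied\s*\{([^}]*)\}\s*for\s+(.*)", chunk)
        if not m:
            continue
        f = dict(re.findall(r"(\w+)=(\S+)", m.group(2)))
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue                                # truncated record, skip it
        records.append({
            "perms": m.group(1).split(),
            "exe": f.get("exe"),
            "object": f.get("path") or f.get("name"),
            # A context is user:role:type[:level]; the type is field 3.
            "stype": f["scontext"].split(":")[2],
            "ttype": f["tcontext"].split(":")[2],
            "tclass": f["tclass"],
        })
    return records

def summarize(records):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for r in records:
        rules[(r["stype"], r["ttype"], r["tclass"])].update(r["perms"])
    return {k: sorted(v) for k, v in rules.items()}

if __name__ == "__main__":
    for r in parse_avc(SAMPLE):
        print(r["exe"], r["perms"], r["object"], "labelled", r["ttype"])
    for (s, t, c), perms in summarize(parse_avc(SAMPLE)).items():
        print(f"{s} -> {t}:{c} {{ {' '.join(perms)} }}")
```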



