Problem with Selinux when upgrading from FC3 to FC6

Daniel J Walsh dwalsh at redhat.com
Mon Oct 30 17:25:50 UTC 2006 

andrew.z.savva at jpmorgan.com wrote:
>
> Hi,
>
> I recently upgraded a fedora core 3 machine to FC6 and have a serious 
> problem getting it to function correctly.
>
> On boot up many of the services complain about missing shared 
> libraries, e.g. libssl, libdl.so, etc. However, the system continues 
> on and gets to a (text based) login prompt. I log in on the console 
> and none of the commands work. I try simple commands like "ls", "w", 
> "ifconfig", "init" and it complains about missing libc.so and other 
> really fundamental system libraries.
>
> However what is really strange is that I rebooted into single user 
> mode (i.e. run level 1) and I can log in okay and I can run the above 
> commands as normal! I checked to see if the libraries exist on the 
> disk and everything is perfectly fine. In fact I managed to get a 
> crippled system running from run level 1 and successfully got a 
> network running and started services like postfix, asterisk and httpd 
> without any problems.
>
> If I enter run level 3 or 5 then nothing is accessible from root or 
> through an ordinary user account. I tried various methods of login in 
> including ssh, sftp, etc and each time I am told that the shared 
> library doesn't exist. I did a bit of poking around in run level 3 and 
> although I cannot "ls" the shared library files (because "ls" doesn't 
> work) I can still cd /lib and I can use filename completion to show 
> the files. Then I decided to try run on and I found that running a 
> shared library presents you with information about the lib, e.g. 
> version, GNU licence, etc (that's the first time I knew you could do 
> that so that was something I learnt). This proves that the libraries 
> do exist and they are accessible from run level 1.
>
> I tried both a Selinux kernel (the one from FC6) and my original 
> 2.6.18.1 kernel (without selinux) and both exhibit the same behaviour. 
> When I booted into the selinux kernel the filesystem was relabelled by 
> selinux as expected.
>
> What I don't understand is that selinux is turned off in 
> /etc/sysconfig/selinux and I've never enabled it on my FC3 machine so 
> I don't know why it is broken. I checked through the log files and I 
> don't see any mention of any selinux problems or any reports from 
> selinux but I still thought it might be a selinux related issue.
>
> It's certainly the strangest problem I've ever encountered on Linux. 
> It seems to me like the system is denying access to files and that's 
> what led me to believe it might be a selinux related issue and as I've 
> never used it before I thought it was a likely candidate.
>
> Also I upgraded three other machines (admittedly running different 
> flavours of FC) and ran into no problems in the upgrade. One 
> significant difference between them was that the FC3 machine had 
> selinux installed (but disabled) on it.
>
> I would really appreciate some help because I'm usually able to fix 
> any Linux issue and this one has got me stumped. I have completely 
> lost access to my machine and to make matters worse it is a remote 
> machine and I only get access to it at the weekends!
>
> Thanks in advance,
> Andrew.
>
>
> This communication is for informational purposes only. It is not 
> intended as an offer or solicitation for the purchase or sale of any 
> financial instrument or as an official confirmation of any 
> transaction. All market prices, data and other information are not 
> warranted as to completeness or accuracy and are subject to change 
> without notice. Any comments or statements made herein do not 
> necessarily reflect those of JPMorgan Chase & Co., its subsidiaries 
> and affiliates.
>
> This transmission may contain information that is privileged, 
> confidential, legally privileged, and/or exempt from disclosure under 
> applicable law. If you are not the intended recipient, you are hereby 
> notified that any disclosure, copying, distribution, or use of the 
> information contained herein (including any reliance thereon) is 
> STRICTLY PROHIBITED. Although this transmission and any attachments 
> are believed to be free of any virus or other defect that might affect 
> any computer system into which it is received and opened, it is the 
> responsibility of the recipient to ensure that it is virus free and no 
> responsibility is accepted by JPMorgan Chase & Co., its subsidiaries 
> and affiliates, as applicable, for any loss or damage arising in any 
> way from its use. If you received this transmission in error, please 
> immediately contact the sender and destroy the material in its 
> entirety, whether in electronic or hard copy format. Thank you.
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Boot single user mode
touch /.autorelabel
reboot

Which should fix the labeleing on the system so you can run with SELInux on.

More information about the fedora-selinux-list mailing list