GDM problems: gdm-binary

Daniel B. Thurman dant at cdkkt.com
Fri Dec 21 17:05:55 UTC 2007 

Paul Howarth wrote:
>Daniel B. Thurman wrote:
>> Daniel B. Thurman wrote:
>>> Due to reasons of my /usr space partition running out of
>>> room, I had tar-copied my /usr/share directory into different
>>> partition, deleted the contents of /usr/share, changed the
>>> fstab to mount the /share partition /usr/share. Because there
>>> is a filesystem change, I believed an autorelabel is necessary
>>> to ensure that all of the selinux tags are properly labeled.
>
>...
>
>> I found some more problems with selinux tags and somehow it
>> is not able to label files after a autorelabel which I was
>> hoping it would fix but does not.  Can someone please tell
>> me how to fix these problems?
>> 
>>>From /var/log/audit log:
>> =============================================================
>> type=SYSCALL msg=audit(1198252520.322:187): arch=40000003 
>syscall=102 success=no exit=-13 a0=3 a1=bfc093c0 a2=b7f6d31c 
>a3=0 items=0 ppid=2700 pid=3667 auid=4294967295 uid=0 gid=0 
>euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) 
>comm="sendmail" exe="/usr/sbin/sendmail.sendmail" 
>subj=system_u:system_r:sendmail_t:s0 key=(null)
>> type=AVC msg=audit(1198252520.322:187): avc:  denied  { 
>connectto } for  pid=3667 comm="sendmail" 
>path="/var/run/spamass-milter/spamass-milter.sock" 
>scontext=system_u:system_r:sendmail_t:s0 
>tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
>> type=AVC msg=audit(1198252486.805:186): avc:  denied  { 
>connectto } for  pid=3647 comm="sendmail" 
>path="/var/run/spamass-milter/spamass-milter.sock" 
>scontext=system_u:system_r:sendmail_t:s0 
>tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
>
>This looks remarkably like this bug report:
>https://bugzilla.redhat.com/show_bug.cgi?id=425958
>
>You seem to have the socket labelled as initrc_t rather than 
>spamd_var_run_t, but I don't know why this should happen.
>
>Can you post the output of:
>$ ls -lZd /var/run

drwxr-xr-x  root root system_u:object_r:var_run_t:s0   /var/run

>$ ls -laZ /var/run/spamass-milter

drwxr-x---  sa-milt root    system_u:object_r:spamd_var_run_t:s0 .
drwxr-xr-x  root    root    system_u:object_r:var_run_t:s0   ..
srwxr-xr-x  sa-milt sa-milt system_u:object_r:spamd_var_run_t:s0 spamass-milter.sock

>$ sestatus -v

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

Process contexts:
Current context:                unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:unconfined_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6                  system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0
/lib/ld-linux.so.2              system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0

>
>>From /var/log/messages log: (Note that all of these errors are
>> coming from the /usr/share that is mounted from a drive partition
>> while all in / is in its own partition, but /usr/share)
>> =============================================================
>> Dec 21 07:50:21 linux kernel: audit(1198252191.457:5): avc:  
>denied  { search } for  pid=1169 comm="rhgb" name="share" 
>dev=sda2 ino=102929 scontext=system_u:system_r:rhgb_t:s0 
>tcontext=user_u:object_r:default_t:s0 tclass=dir
>
>Try unmounting /usr/share, labelling the now-empty directory as mnt_t,

How do I do this, please?

>remounting /usr/share and labelling the mounted directory as usr_t.
>
>Paul.

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.17.6/1192 - Release Date: 12/21/2007 1:17 PM

More information about the fedora-selinux-list mailing list