Fwd: [MLS Policy]:- MLS policy problem when manually restart the servers.
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 13 19:55:45 UTC 2008
prakash hallalli wrote:
> Hi,
> I have followed the steps you gave to change the libc.so.6 file label. Now
> the user is able to log in to the system and it does not show any error
> message at login time. But I am still not able to restart system services.
> Now the error message shown is "unrecognized service".
>
> I have received the following error messages.
>
> [root at turtle11 ~]# sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: permissive
> Mode from config file: enforcing
> Policy version: 21
> Policy from config file: mls
>
> [root at turtle11 ~]# service nfs restart
> Shutting down NFS mountd: [ OK ]
> Shutting down NFS daemon: [ OK ]
> Shutting down NFS quotas: [ OK ]
> Shutting down NFS services: [ OK ]
> Starting NFS services: [ OK ]
> Starting NFS quotas: [ OK ]
> Starting NFS daemon: [ OK ]
> Starting NFS mountd: [ OK ]
>
> [root at turtle11 ~]# setenforce 1
> [root at turtle11 ~]# sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: enforcing
> Mode from config file: enforcing
> Policy version: 21
> Policy from config file: mls
>
> [root at turtle11 ~]# service nfs restart
> nfs: unrecognized service
>
> [root at turtle11 ~]# service ldap restart
> ldap: unrecognized service
>
> [root at turtle11 ~]# service samba restart
> samba: unrecognized service
>
> [root at turtle11 ~]# service named restart
> named: unrecognized service
> [root at turtle11 ~]#
>
> Please help me; what should I do?
>
> Thanks,
> prakash
>
> On Tue, Jun 10, 2008 at 5:37 PM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>
>> On Tue, 2008-06-10 at 17:14 +0530, prakash hallalli wrote:
>>> Hi All
>>>
>>> I have configured SELinux on CentOS 5.1. I have configured the RBAC
>>> using MLS (Multilevel Security) Policy.
>>> Now I am trying to restart the system services and they are not
>>> restarting and it is throwing some error message.
>>> I have a question here: with MLS policy enabled, will I be able to
>>> restart the system service? If yes, then what to do, and if no, what is
>>> the reason?
>>>
>>> Steps to reproduce:
>>>
>>> 1) MLS Policy configuration.
>>>
>>> 1. Install selinux-policy-mls
>>> 2. Set SELINUXTYPE=MLS in /etc/selinux/config file
>>> 3. touch ./autorelabel; on root's home directory, and reboot the
>>> machine.
>>> 4. While machine is rebooting, change the GRUB parameter.
>>> enforcing=0
>>>
>>> 2) Now system is in permissive mode and SELinux status is as follows.
>>>
>>> # sestatus
>>> SELinux status: enabled
>>> SELinuxfs mount: /selinux
>>> Current mode: permissive
>>> Mode from config file: enforcing
>>> Policy version: 21
>>> policy from config file: mls
>>>
>>> 3) Restart the system services and they restart successfully.
>>>
>>> [root at turtle11 ~]# service nfs restart
>>> Shutting down NFS mountd: [FAILED]
>>> Shutting down NFS daemon: [FAILED]
>>> Shutting down NFS quotas: [FAILED]
>>> Shutting down NFS services: [FAILED]
>>> Starting NFS services: [ OK ]
>>> Starting NFS quotas: [ OK ]
>>> Starting NFS daemon: [ OK ]
>>> Starting NFS mountd: [ OK ]
>>>
>>> 4) Now I am setting enforcing mode using the setenforce command.
>>>
>>> root at turtle11 ~]#setenforce 1
>>> root at turtle11 ~]# sestatus
>>> SELinux status: enabled
>>> SELinuxfs mount: /selinux
>>> Current mode: enforcing
>>> Mode from config file: enforcing
>>> Policy version: 21
>>> Policy from config file: mls
>>>
>>> 5) a) Now the system is in enforcing mode and I am trying to restart the
>>> system service. The restart results in an error message.
>>>
>>> root at turtle11 ~]#service nfs restart
>>> /sbin/consoletype: error while loading shared libraries: libc.so.6:
>>> cannot open shared object file: No such file or directory
>>> /sbin/consoletype: error while loading shared libraries: libc.so.6:
>>> cannot open shared object file: No such file or directory
>> This suggests that libc.so.6 has the wrong label. In older versions of
>> the policy, this was a difference between targeted and strict/mls
>> policies. Boot in single-user mode and run fixfiles -F relabel.
>>
>>> nfs: unrecognized service
>>>
>>> b) When I try to log in, it shows the following error.
>>>
>>> turtle login: smbldap3
>>> /bin/login:error while loading shared libraries: libcrypt.so.1:failed
>>> to map segment from shared object: Permission denied
>>> /sbin/mingetty: error while loading shared libraries: libc.so.6:
>>> failed to map segment from shared object: Permission denied
>>>
>>> c) When using su command.
>>>
>>> root at turtle11 ~]# su smbldap3
>>> su: error while loading shared libraries: libpam.so.0: failed to map
>>> segment from shared object: Permission denied
>>>
>>> I am not sure what is going on. I referred to many websites and PDFs
>>> but couldn't get the proper solution.
>>>
>>> Please help me.
>>>
>>> Thanks
>>> Prakash.
>>>
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> --
>> Stephen Smalley
>> National Security Agency
>>
>>
Try
# run_init service nfs restart
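
Added example, not part of the original thread or of the SELinux tools: a small shell helper that reads `sestatus` output and decides whether `service` should be wrapped in `run_init`, as the reply above suggests for this MLS system in enforcing mode. The function names and the rule that only mls/strict policies in enforcing mode need the wrapper are assumptions of this example; the sample is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample, modelled on the enforcing-mode sestatus output in the thread.
SAMPLE_ENFORCING='SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        mls'

# sestatus_field NAME: print the value of one "Name: value" line from stdin.
# The field name is matched case-insensitively ("Policy ..." vs "policy ...").
sestatus_field() {
    awk -F':[ \t]*' -v want="$1" \
        'tolower($1) == tolower(want) { print $2; exit }'
}

# service_prefix: read sestatus output on stdin and print "run_init" when the
# system is enforcing an mls or strict policy (assumed rule); otherwise print
# nothing, so `service` is called directly as in permissive mode.
service_prefix() {
    out=$(cat)
    mode=$(printf '%s\n' "$out" | sestatus_field 'Current mode')
    policy=$(printf '%s\n' "$out" | sestatus_field 'Policy from config file' |
             tr 'A-Z' 'a-z')
    case "$mode:$policy" in
        enforcing:mls|enforcing:strict) echo run_init ;;
    esac
}

# restart_service NAME: live use on a real host; needs sestatus, and run_init
# will prompt for authentication before running the init script.
restart_service() {
    prefix=$(sestatus | service_prefix)
    $prefix service "$1" restart
}

# Offline demonstration on the constructed sample only.
printf 'wrapper for sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_ENFORCING" | service_prefix)"
```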