Troubleshootng the Selunix troubleshooter
Richard Chapman
rchapman at aardvark.com.au
Thu Jan 8 04:09:25 UTC 2009
Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Richard Chapman wrote:
>
>> Hi again Daniel
>>
>> Here is some more info on this problem - which may be significant...
>> After checking the link from my last email again I tried:
>> [root at C5 ~]# fixfiles relabel
>>
>> Files in the /tmp directory may be labeled incorrectly, this command
>> can remove all files in /tmp. If you choose to remove files from /tmp,
>> a reboot will be required after completion.
>> Do you wish to clean out the /tmp directory [N]? y
>> Cleaning out /tmp
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 18
>> has invalid context user_u:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 19
>> has invalid context user_u:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 20
>> has invalid context user_u:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 21
>> has invalid context user_u:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 23
>> has invalid context user_u:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 40
>> has invalid context root:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 41
>> has invalid context root:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 42
>> has invalid context root:object_r:user_mozilla_home_t:s0
>> /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 43
>> has invalid context root:object_r:user_mozilla_home_t:s0
>> Exiting after 10 errors.
>> [root at C5 ~]#
>>
>> Looks like there is a problem with the policy? Any suggestions how to
>> resolve this?
>>
>>
>> Richard.
>>
>>
>> Richard Chapman wrote:
>>
>>> Thanks Daniel
>>>
>>> I'm pretty sure you are right - that there is something wrong with the
>>> labelling - but
>>>
>>> touch /.autorelabel; reboot
>>>
>>> Doesn't seem to cause the relabelling.
>>> I was a bit suspicious that the relabelling didn't work the first time
>>> - because I also did a touch /forcefsck at the boot when I was
>>> expecting relabelling - and it seemed to do 3 fscks - but no obvious
>>> relabelling. I assumed one of the fscks must have really been a
>>> relabel - but maybe not.... Now wehn I do the touch and reboot - there
>>> is no delay in the reboot messages on the system console.
>>>
>>> I have found this thread - which seem to describe a similar lack of
>>> relabelling - but doesn't offer a solution:
>>> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=17009&forum=37&post_id=60859
>>> <http://www.centos.org/modules/newbb/viewtopic.php?topic_id=17009&forum=37&post_id=60859>
>>>
>>>
>>> I haven't tried the 5.3 policy preview yet. Might that help me with
>>> the relabelling?
>>>
>>> Thanks again
>>>
>>> Richard.
>>>
>>>
>>>
>>>
>>> Daniel J Walsh wrote:
>>>
>> Richard Chapman wrote:
>>
>>
>>>>>> Hi.. When I first installed Centos 5.0 - I disabled SELinux at the
>>>>>> first
>>>>>> sign of trouble. I have now seen the light - and have enabled SELinux
>>>>>> on the system which is now updated to Centos 5.2 with Kernel Linux
>>>>>> 2.6.18-92.1.22.el5 on x86_64. I initially enabled Selinux in permissive
>>>>>> mode - and tried looking at the GUI SELinux Troubleshooter - but it
>>>>>> shows no problems. This may be OK - because there are no "type=avc"
>>>>>> messages in the audit.log file. However there are thousands of "type=
>>>>>> user_avc". Here are the last 20 while in permissive mode:
>>>>>>
>>>>>> type=USER_AVC msg=audit(1231052785.984:833): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=AddMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.984:834): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.985:835): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
>>>>>> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.986:836): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
>>>>>> scontext=system_u:system_r:init_t:s0
>>>>>> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.987:837): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.987:838): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=AddMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.987:839): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.988:840): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
>>>>>> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.989:841): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
>>>>>> scontext=system_u:system_r:init_t:s0
>>>>>> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.990:842): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.990:843): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=AddMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.990:844): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.991:845): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
>>>>>> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.991:846): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
>>>>>> scontext=system_u:system_r:init_t:s0
>>>>>> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.992:847): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.992:848): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=AddMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.992:849): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.992:850): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
>>>>>> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.993:851): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
>>>>>> scontext=system_u:system_r:init_t:s0
>>>>>> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>> type=USER_AVC msg=audit(1231052785.994:852): user pid=2489 uid=81
>>>>>> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied {
>>>>>> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
>>>>>> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
>>>>>> scontext=user_u:system_r:initrc_t:s0
>>>>>> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
>>>>>> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
>>>>>>
>>>>>>
>>>>>> If I set the system to Enforcing mode - and log out and log back in -
>>>>>> the login seems to run very slowly. If I try to run the gui SELinux
>>>>>> Troubleshooter - the application window doesn't come up - but I see the
>>>>>> following errors in the boot.log file.
>>>>>>
>>>>>> Jan 3 16:55:54 C5 dbus: avc: received setenforce notice (enforcing=1)
>>>>>> Jan 3 16:56:23 C5 userhelper[24703]: running
>>>>>> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
>>>>>> with system_u:system_r:unconfined_t context Jan 3 16:56:23 C5
>>>>>> userhelper[24703]: running
>>>>>> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
>>>>>> with root privileges on behalf of 'root'
>>>>>> Jan 3 16:58:02 C5 gconfd (root-21790): Exiting
>>>>>> Jan 3 16:58:02 C5 sshd[21044]: pam_unix(sshd:session): session closed
>>>>>> for user nx
>>>>>> Jan 3 16:58:02 C5 su: pam_unix(su-l:session): session closed for
>>>>>> user root
>>>>>> Jan 3 16:58:23 C5 sshd[24747]: Accepted publickey for nx from
>>>>>> 192.168.0.2 port 33869 ssh2
>>>>>> Jan 3 16:58:23 C5 sshd[24747]: pam_unix(sshd:session): session opened
>>>>>> for user nx by (uid=0)
>>>>>> Jan 3 16:58:25 C5 su: pam_unix(su-l:session): session opened for user
>>>>>> root by (uid=102)
>>>>>> Jan 3 16:58:28 C5 dovecot: IMAP(tim): Disconnected: Logged out
>>>>>> Jan 3 16:58:30 C5 gconfd (root-25493): starting (version 2.14.0), pid
>>>>>> 25493 user 'root'
>>>>>> Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
>>>>>> "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only
>>>>>> configuration source at position 0
>>>>>> Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
>>>>>> "xml:readwrite:/root/.gconf" to a writable configuration source at
>>>>>> position 1
>>>>>> Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
>>>>>> "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only
>>>>>> configuration source at position 2
>>>>>> Jan 3 16:58:33 C5 pcscd: winscard.c:304:SCardConnect() Reader E-Gate
>>>>>> 0 0
>>>>>> Not Found
>>>>>> Jan 3 16:58:33 C5 last message repeated 4 times
>>>>>> Jan 3 16:58:33 C5 gconfd (root-25493): Resolved address
>>>>>> "xml:readwrite:/root/.gconf" to a writable configuration source at
>>>>>> position 0
>>>>>> Jan 3 16:59:46 C5 gdm[4045]: pam_unix(gdm:session): session opened for
>>>>>> user root by (uid=0)
>>>>>> Jan 3 16:59:59 C5 pcscd: winscard.c:304:SCardConnect() Reader E-Gate
>>>>>> 0 0
>>>>>> Not Found
>>>>>> Jan 3 16:59:59 C5 last message repeated 4 times
>>>>>> Jan 3 17:00:01 C5 crond[25738]: (root) CMD (/var/www/sarg/sarg.cron >
>>>>>> /dev/null 2>&1)
>>>>>> Jan 3 17:00:01 C5 crond[25740]: (root) CMD
>>>>>> (/etc/webmin/webalizer/webalizer.pl /var/log/squid/access.log)
>>>>>> Jan 3 17:00:01 C5 crond[25742]: (root) CMD
>>>>>> (/etc/webmin/status/monitor.pl)
>>>>>> Jan 3 17:00:01 C5 crond[25743]: (root) CMD
>>>>>> (/etc/webmin/fetchmail/check.pl --mail rchapman\@aardvark\.com\.au
>>>>>> --errors)
>>>>>> Jan 3 17:00:01 C5 su: pam_unix(su:session): session opened for user
>>>>>> richard by (uid=0)
>>>>>> Jan 3 17:00:04 C5 su: pam_unix(su:session): session opened for user
>>>>>> postgres by (uid=0)
>>>>>> Jan 3 17:00:04 C5 su: pam_unix(su:session): session closed for user
>>>>>> postgres
>>>>>> Jan 3 17:00:13 C5 su: pam_unix(su:session): session closed for user
>>>>>> richard
>>>>>> Jan 3 17:01:01 C5 crond[25911]: (root) CMD (run-parts /etc/cron.hourly)
>>>>>> Jan 3 17:01:15 C5 userhelper[25928]: running
>>>>>> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
>>>>>> with system_u:system_r:unconfined_t context Jan 3 17:01:15 C5
>>>>>> userhelper[25928]: running
>>>>>> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
>>>>>> with root privileges on behalf of 'root'
>>>>>> Jan 3 17:02:18 C5 setroubleshoot: [dbus.ERROR] could not start dbus:
>>>>>> Did
>>>>>> not receive a reply. Possible causes include: the remote application
>>>>>> did
>>>>>> not send a reply, the message bus security policy blocked the reply,
>>>>>> the
>>>>>> reply timeout expired, or the network connection was broken.
>>>>>> Jan 3 17:03:06 C5 dovecot: imap-login: Login: user=<tim>, method=PLAIN,
>>>>>> rip=192.168.0.199, lip=192.168.0.201
>>>>>> Jan 3 17:03:37 C5 dovecot: IMAP(tim): Disconnected: Logged out
>>>>>> Jan 3 17:04:14 C5 setroubleshoot: [dbus.ERROR] could not start dbus:
>>>>>> Did
>>>>>> not receive a reply. Possible causes include: the remote application
>>>>>> did
>>>>>> not send a reply, the message bus security policy blocked the reply,
>>>>>> the
>>>>>> reply timeout expired, or the network connection was broken.
>>>>>>
>>>>>> I have also tried the comand line sealert application - which runs fine
>>>>>> - but shows no problems:
>>>>>>
>>>>>> [root at C5 <mailto:root at C5> ~]# sealert -a /var/log/audit/audit.log
>>>>>> 100% donefound 0 alerts in /var/log/audit/audit.log
>>>>>> [root at C5 <mailto:root at C5> ~]#
>>>>>> It looks to me as if there is some problem (possibly a policy issue)
>>>>>> with my dbus connection. and this is preventing the selinux
>>>>>> troubleshooter operating in enforcing mode - and also probably causing
>>>>>> some other problems in enforcing mode - though no "type-avc" problems
>>>>>> show up int eh audit logs.
>>>>>>
>>>>>> Can anyone explain to me what "type=user_avc" messages are - and why
>>>>>> they are not reported by teh gui SELinux troubleshooter or sealert? How
>>>>>> should I debug the remainig issues in theis system?
>>>>>>
>>>>>> All adice appreciated.
>>>>>>
>>>>>> Richard.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> fedora-selinux-list mailing list
>>>>>> fedora-selinux-list at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>>>>
>>>>>>
>> Please make sure your labeling is correct.
>>
>> touch /.autorelabel; reboot
>>
>> Looks like the entire system is running with a signal context which is
>> causing you your problems.
>>
>> You might also want to grab the 5.3 policy, a preview is currently
>> available on
>>
>> http://people.redhat.com/dwalsh/SELinux/RHEL5
>>
>
>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>
>>>
>
>
> Upgrade to the 5.3 policy and see if the problem goes away.
>
Many many thanks Daniel
I eventually tracked down your(?) comments on bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=449420
which lead me to the same conclusion. I installed the 5.3 policy you
directed me to - and touched and rebooted - and the re-label went
through properly for the first time.
The troubleshooter is now working fine - and I am tracking down a couple
of denials related to "spamc" and "webalizer". I've only just started
down this path - but I am happy to fill you in if you are interested...
Thanks again for you incredibly knowledgeable and helpful advice.
Richard.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkllFbEACgkQrlYvE4MpobPrLgCgv/4rm8ybxO3TfRKjRlXtj9M9
> ryIAnRpcVUZgeIGvO2E4g6XYhpb3JUQ3
> =QxJn
> -----END PGP SIGNATURE-----
>
>
More information about the fedora-selinux-list
mailing list