selinux

[Gene C.]

On Thursday 25 March 2004 22:34, Jeremy Katz wrote:
> On Thu, 2004-03-25 at 17:20 -0500, Gene C. wrote:
> > Is anyone successfully running FC2 "current" development with selinux
> > running in enforcing mode?
> >
> > If you are running selinux in enforcing mode, what (if anything) did you
> > need to change to get it to work?  That is, once you complete the
> > install, did you need to do anything?
>
> It's worked for me with current stuff.  You will want to make sure
> you're running actual current development tree, though, as there have
> been a number of things in that area fixed over the past week.

Then there is either something dramatically wrong or I do not understand what 
is happening.

I downloaded x86_64/images/boot.iso, x86_64/Fedora/base/*, and 
x86_64/Fedora/RPMS/* from sunsite.mff.cuni.cz (reported to be up to date).  I 
then did an "everything" nfs install.

I installed in permissive mode and booted up to make sure everything works 
(had to disable kudzu because of 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119011).  The then 
edited /etc/sysconfig/selinux to change to enforcing mode and rebooted.

The reboot got lots and lots of extra messages ("audit ... avc: denied") plus 
some services failed startup.  Teh I get a popup that gdm cannot start 
because something about "Can't find gdm user".  When I tried to login as root 
from a VT, more messages and the login failed.  I had to reboot up in single 
user mode to change /etc/sysconfig/selinus to change back to permissive mode.

I assume that the above is not your experience.

-- 
Gene