[K12OSN] SELinux boot error issue
Eric Harrison
eharrison at mail.mesd.k12.or.us
Mon Jun 20 03:10:46 UTC 2005
On Mon, 20 Jun 2005, Gavin Chester wrote:
> On Sun, 2005-06-19 at 13:49 -0700, stacey pacquette wrote:
>> I found the error text displayed during bootup in i think the boot log
>> in /var/log, you should be able to read the entire message there.
>
> Thanks for that tip. Forgot to list that file as one I had checked, but
> no good as far as the error message. Any other file ideas?
>
>> I also had similar problems with dhcp and winbind settings
>> conflicting with SELinux Security Level settings.
>
> I don't seem to have those issues. At least, all the dmesg, etc files I
> checked so far showed my services (that were meant to start) all started
> without error at bootup.
>
>> Changing the security level to passive while trouble shooting helped
>> to resolve the problems, fortunantly all was resolved within the
>> Security Level settings.
>
> I will try that, thanks. This is done by editing
> the /etc/selinux/config, yes? Where does it print the warnings after
> that? I guess that means a reboot to bring up the warnings?
>
> Gavin
>
>>
>> I too was a little ~surprised by the many changes after updating the
>> system, with dhcp being a dependency of the terminal server i was
>> surprised this created problems with the security settings.
>>
>> On 6/19/05, Gavin Chester <sales at ecosolutions.com.au> wrote:
>> I rebooted for the first time (due to power cut and no UPS
>> fitted) since
>> doing a yum update and am seeing an error for SELinux flash by
>> in the
>> startup messages. Looking in my yum.log I see these two
>> relevant
>> packages were (most recently) updated preceding the error
>> message:
>>
>> Jun 18...Updated: selinux-policy-targeted.noarch 1.17.30-3.9
>> Jun 18...Updated: selinux-policy-targeted-sources.noarch
>> 1.17.30-3.9
>>
>> Trouble is I can't see where to find the exact error message
>> again to
>> read it properly. I tried the following /var files: dmesg,
>> messages,
>> secure, but none contain the exact error message I saw flash
>> past.
>>
>> Can someone please point me to the file I need to see the
>> error?
>>
>> If someone can even second guess what the error is (because
>> you've seen
>> it yourself very recently) could you even point to fixing
>> it? I know
>> that last bit is very cheeky, so I'll not expect much for my
>> audacity ;-). Anyway, once I actually see the error properly
>> I'll come
>> crawling back here for some help ;-) My system _seems_ okay,
>> but just
>> making sure ...
In FC4, the selinux messages go in /var/log/audit/audit.log if you have
auditd runnnig, otherwise they go to /var/log/messages. In ealier versions,
they all go to /var/log/messages.
I'm thinking about having K12LTSP 4.4.0 default to "permissive" mode.
Otherwise, I'm going to turn off SELinux for dhcpd, portmap, and mysql,
which is where I see the most trouble.
All of these settings can be changed by running system-config-securitylevel
"System Settings" -> "Security Level" -> click on the SELinux tab.
-Eric
More information about the K12OSN
mailing list