[K12OSN] SELinux boot error issue

Eric Harrison eharrison at mail.mesd.k12.or.us
Mon Jun 20 03:10:46 UTC 2005 

On Mon, 20 Jun 2005, Gavin Chester wrote:

> On Sun, 2005-06-19 at 13:49 -0700, stacey pacquette wrote:
>> I found the error text displayed during bootup in i think the boot log
>> in /var/log, you should be able to read the entire message there.
>
> Thanks for that tip.  Forgot to list that file as one I had checked, but
> no good as far as the error message. Any other file ideas?
>
>>   I also had similar problems with dhcp and winbind settings
>> conflicting with SELinux Security Level settings.
>
> I don't seem to have those issues.  At least, all the dmesg, etc files I
> checked so far showed my services (that were meant to start) all started
> without error at bootup.
>
>>  Changing the security level to passive while trouble shooting helped
>> to resolve the problems, fortunantly all was resolved within the
>> Security Level settings.
>
> I will try that, thanks.  This is done by editing
> the /etc/selinux/config, yes?  Where does it print the warnings after
> that?  I guess that means a reboot to bring up the warnings?
>
> Gavin
>
>>
>> I too was a little ~surprised by the many changes after updating the
>> system, with dhcp being a dependency of the terminal server i was
>> surprised this created problems with the security settings.
>>
>> On 6/19/05, Gavin Chester <sales at ecosolutions.com.au> wrote:
>>         I rebooted for the first time (due to power cut and no UPS
>>         fitted) since
>>         doing a yum update and am seeing an error for SELinux flash by
>>         in the
>>         startup messages.  Looking in my yum.log I see these two
>>         relevant
>>         packages were (most recently) updated preceding the error
>>         message:
>>
>>         Jun 18...Updated: selinux-policy-targeted.noarch 1.17.30-3.9
>>         Jun 18...Updated: selinux-policy-targeted-sources.noarch
>>         1.17.30-3.9
>>
>>         Trouble is I can't see where to find the exact error message
>>         again to
>>         read it properly.  I tried the following /var files: dmesg,
>>         messages,
>>         secure, but none contain the exact error message I saw flash
>>         past.
>>
>>         Can someone please point me to the file I need to see the
>>         error?
>>
>>         If someone can even second guess what the error is (because
>>         you've seen
>>         it yourself very recently) could you even point to fixing
>>         it?  I know
>>         that last bit is very cheeky, so I'll not expect much for my
>>         audacity ;-).  Anyway, once I actually see the error properly
>>         I'll come
>>         crawling back here for some help ;-)  My system _seems_ okay,
>>         but just
>>         making sure ...

In FC4, the selinux messages go in /var/log/audit/audit.log if you have
auditd runnnig, otherwise they go to /var/log/messages. In ealier versions,
they all go to /var/log/messages.

I'm thinking about having K12LTSP 4.4.0 default to "permissive" mode.
Otherwise, I'm going to turn off SELinux for dhcpd, portmap, and mysql,
which is where I see the most trouble.

All of these settings can be changed by running system-config-securitylevel 
"System Settings" -> "Security Level" -> click on the SELinux tab.

-Eric

More information about the K12OSN mailing list