[K12OSN] SELinux boot error issue
Gavin Chester
sales at ecosolutions.com.au
Mon Jun 20 03:40:55 UTC 2005
On Sun, 2005-06-19 at 20:10 -0700, Eric Harrison wrote:
> On Mon, 20 Jun 2005, Gavin Chester wrote:
-snip-
> >> On 6/19/05, Gavin Chester <sales at ecosolutions.com.au> wrote:
> >> I rebooted for the first time (due to power cut and no UPS
> >> fitted) since
> >> doing a yum update and am seeing an error for SELinux flash by
> >> in the
> >> startup messages. Looking in my yum.log I see these two
> >> relevant
> >> packages were (most recently) updated preceding the error
> >> message:
> >>
> >> Jun 18...Updated: selinux-policy-targeted.noarch 1.17.30-3.9
> >> Jun 18...Updated: selinux-policy-targeted-sources.noarch
> >> 1.17.30-3.9
> >>
> >> Trouble is I can't see where to find the exact error message
> >> again to
> >> read it properly. I tried the following /var files: dmesg,
> >> messages,
> >> secure, but none contain the exact error message I saw flash
> >> past.
> >>
> >> Can someone please point me to the file I need to see the
> >> error?
> >>
> >>
> In FC4, the selinux messages go in /var/log/audit/audit.log if you have
> auditd runnnig, otherwise they go to /var/log/messages. In ealier versions,
> they all go to /var/log/messages.
Eric, I'm running FC3 as k12ltsp v 4.2.0 and there is nothing in
the /var/log/messages file that approaches the boot error message that I
saw. It referred to some file problems within /etc but more than that I
couldn't see or remember, which is why I'm trying to track down where
that message has got to :-(
> I'm thinking about having K12LTSP 4.4.0 default to "permissive" mode.
Looking more closely in my /var/log/messages it reports that is how
SELinux is starting:
etc
etc
Jun 19 21:49:56 local kernel: SELinux: Initializing.
Jun 19 21:49:56 local kernel: SELinux: Starting in permissive mode
Jun 19 21:49:56 local irqbalance: irqbalance startup succeeded
Jun 19 21:49:56 local kernel: selinux_register_security: Registering
secondary module capability
etc
etc
etc
... however, the config file would have it otherwise:
[root at local ~]# gedit /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
> Otherwise, I'm going to turn off SELinux for dhcpd, portmap, and mysql,
> which is where I see the most trouble.
>
> All of these settings can be changed by running system-config-securitylevel
> "System Settings" -> "Security Level" -> click on the SELinux tab.
>
... where the settings matched the config file that was set to
"enforce" and "targeted".
At a bit of a loss here :-\
--
Regards,
Gavin Chester
More information about the K12OSN
mailing list