[K12OSN] SELinux boot error issue

Gavin Chester sales at ecosolutions.com.au
Mon Jun 20 03:40:55 UTC 2005 

On Sun, 2005-06-19 at 20:10 -0700, Eric Harrison wrote:
> On Mon, 20 Jun 2005, Gavin Chester wrote:

-snip-

> >> On 6/19/05, Gavin Chester <sales at ecosolutions.com.au> wrote:
> >>         I rebooted for the first time (due to power cut and no UPS
> >>         fitted) since
> >>         doing a yum update and am seeing an error for SELinux flash by
> >>         in the
> >>         startup messages.  Looking in my yum.log I see these two
> >>         relevant
> >>         packages were (most recently) updated preceding the error
> >>         message:
> >>
> >>         Jun 18...Updated: selinux-policy-targeted.noarch 1.17.30-3.9
> >>         Jun 18...Updated: selinux-policy-targeted-sources.noarch
> >>         1.17.30-3.9
> >>
> >>         Trouble is I can't see where to find the exact error message
> >>         again to
> >>         read it properly.  I tried the following /var files: dmesg,
> >>         messages,
> >>         secure, but none contain the exact error message I saw flash
> >>         past.
> >>
> >>         Can someone please point me to the file I need to see the
> >>         error?
> >>
> >>  


> In FC4, the selinux messages go in /var/log/audit/audit.log if you have
> auditd runnnig, otherwise they go to /var/log/messages. In ealier versions,
> they all go to /var/log/messages.

Eric, I'm running FC3 as k12ltsp v 4.2.0 and there is nothing in
the /var/log/messages file that approaches the boot error message that I
saw.  It referred to some file problems within /etc but more than that I
couldn't see or remember, which is why I'm trying to track down where
that message has got to :-(

> I'm thinking about having K12LTSP 4.4.0 default to "permissive" mode.

Looking more closely in my /var/log/messages it reports that is how
SELinux is starting:

etc
etc
Jun 19 21:49:56 local kernel: SELinux:  Initializing.
Jun 19 21:49:56 local kernel: SELinux:  Starting in permissive mode
Jun 19 21:49:56 local irqbalance: irqbalance startup succeeded
Jun 19 21:49:56 local kernel: selinux_register_security:  Registering
secondary module capability
etc
etc
etc
	... however, the config file would have it otherwise:

[root at local ~]# gedit /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#	enforcing - SELinux security policy is enforced.
#	permissive - SELinux prints warnings instead of enforcing.
#	disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#	targeted - Only targeted network daemons are protected.
#	strict - Full SELinux protection.
SELINUXTYPE=targeted


> Otherwise, I'm going to turn off SELinux for dhcpd, portmap, and mysql,
> which is where I see the most trouble.
> 
> All of these settings can be changed by running system-config-securitylevel 
> "System Settings" -> "Security Level" -> click on the SELinux tab.
> 

	... where the settings matched the config file that was set to
"enforce" and "targeted".

At a bit of a loss here :-\
-- 
Regards, 
        Gavin Chester

More information about the K12OSN mailing list