From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4B7C47DB.40602@gmail.com>
Date: Wed, 17 Feb 2010 11:47:39 -0800
From: "Justin P. mattock"
MIME-Version: 1.0
To: Stephen Smalley
CC: Alan Rouse, Dominick Grift, "'selinux@tycho.nsa.gov'"
Subject: Re: SELinux Policy in OpenSUSE 11.2
References: <5A5E55DF96F73844AF7DFB0F48721F0F529A558532@EUSAACMS0703.eamcs.ericsson.se>
 <1266347411.5252.107.camel@moss-pluto.epoch.ncsc.mil>
 <5A5E55DF96F73844AF7DFB0F48721F0F529A5587DD@EUSAACMS0703.eamcs.ericsson.se>
 <1266349121.5252.131.camel@moss-pluto.epoch.ncsc.mil>
 <5A5E55DF96F73844AF7DFB0F48721F0F529A5588F8@EUSAACMS0703.eamcs.ericsson.se>
 <4B7B21A2.3080006@gmail.com>
 <4B7B97D4.7020005@gmail.com>
 <5A5E55DF96F73844AF7DFB0F48721F0F529A558C9F@EUSAACMS0703.eamcs.ericsson.se>
 <1266425895.4945.105.camel@moss-pluto.epoch.ncsc.mil>
 <5A5E55DF96F73844AF7DFB0F48721F0F529A780180@EUSAACMS0703.eamcs.ericsson.se>
 <1266433081.4945.112.camel@moss-pluto.epoch.ncsc.mil>
In-Reply-To: <1266433081.4945.112.camel@moss-pluto.epoch.ncsc.mil>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On 02/17/2010 10:58 AM, Stephen Smalley wrote:
> On Wed, 2010-02-17 at 13:34 -0500, Alan Rouse wrote:
>> Here's some info about the system now (booting successfully to desktop with selinux enabled)
>>
>> /etc/selinux/config:
>> SELINUX=permissive
>> SELINUXTYPE=refpolicy-standard
>>
>> /etc/dbus-1/system.conf contains:
>> contexts/dbus_contexts
>>
>> var/log/messages does not have any AVC messages in it.
>>
>> sestatus -v:
>> SELinux status:                 enabled
>> SELinuxfs mount:                /selinux
>> Current mode:                   permissive
>> Mode from config file:          permissive
>> Policy version:                 24
>> Policy from config file:        refpolicy-standard
>>
>> Process contexts:
>> Current context:                system_u:system_r:kernel_t
>> Init context:                   system_u:system_r:kernel_t
>> /sbin/mingetty                  system_u:system_r:kernel_t
>>
>> File contexts:
>> Controlling term:               system_u:object_r:devpts_t
>> /etc/passwd                     system_u:object_r:file_t
>> /etc/shadow                     system_u:object_r:file_t
>> /bin/bash                       system_u:object_r:file_t
>> /bin/login                      system_u:object_r:file_t
>> /bin/sh                         system_u:object_r:file_t -> system_u:object_r:file_t
>> /sbin/agetty                    system_u:object_r:file_t
>> /sbin/init                      system_u:object_r:file_t
>> /sbin/mingetty                  system_u:object_r:file_t
>> /usr/sbin/sshd                  system_u:object_r:file_t
>> /lib/libc.so.6                  system_u:object_r:file_t -> system_u:object_r:file_t
>> /lib/ld-linux.so.2              system_u:object_r:file_t -> system_u:object_r:file_t
>
> Ok, so all of your processes are still running in kernel_t, and all of
> your files are labeled file_t. You need to label your filesystems and
> reboot.
>

o.k. doing a touch .autorelabel doesn't get the filesystem
to automatically relabel, so I just did fixfiles relabel

now rebooting causes gdm to really crash and burn,
i.e. before, gdm would try and give up on the 5th attempt;
now it just exits out without even trying like before
(i.e. before, the screen login appears, then goes back to init3;
now after relabel it just shows an error exit message and that's it.)

wow!! never experienced such a failure with wrong
file labels on a system (even when running nubuntu)..
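
Added example (not part of the original message and not code from any SELinux tool): a Python check that parses `sestatus -v` output like the listing quoted above and flags the state Stephen Smalley's reply identifies, files labeled file_t and processes still running in kernel_t. The function names and the excerpted sample input are constructed for illustration.

```python
import re

# Constructed sample: an excerpt of the `sestatus -v` output quoted in the message.
SAMPLE = """\
Process contexts:
Current context:                system_u:system_r:kernel_t
Init context:                   system_u:system_r:kernel_t
/sbin/mingetty                  system_u:system_r:kernel_t

File contexts:
Controlling term:               system_u:object_r:devpts_t
/etc/passwd                     system_u:object_r:file_t
/bin/sh                         system_u:object_r:file_t -> system_u:object_r:file_t
/sbin/init                      system_u:object_r:file_t
"""

# user:role:type, capturing the type; an optional MLS range after it is ignored.
CONTEXT = re.compile(r"[\w.-]+:[\w.-]+:([\w.-]+)")
SECTIONS = ("Process contexts", "File contexts")


def parse_contexts(text):
    """Return {section: [(name, [types...]), ...]} from `sestatus -v` output."""
    parsed, current = {s: [] for s in SECTIONS}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.rstrip(":") in SECTIONS:
            current = line.rstrip(":")
            continue
        matches = list(CONTEXT.finditer(line))
        if current is None or not matches:
            continue  # header lines such as "Current mode:" carry no context
        name = line[:matches[0].start()].strip().rstrip(":")
        # A symlink line carries two contexts ("link -> target"); keep both.
        parsed[current].append((name, [m.group(1) for m in matches]))
    return parsed


def diagnose(text):
    """Flag the state described in the thread: file_t files, kernel_t processes."""
    parsed = parse_contexts(text)
    files = [n for n, types in parsed["File contexts"] if "file_t" in types]
    procs = [n for n, types in parsed["Process contexts"] if "kernel_t" in types]
    # Per the quoted reply, files in file_t mean the filesystems still need
    # labeling, followed by a reboot.
    return {"unlabeled_files": files, "kernel_t_processes": procs,
            "needs_relabel": bool(files)}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```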