Bug 145895
Summary: | httpd does not start anymore, lots of avc messages for other deamons | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Daniel Hammer <h0m6r3> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-01-23 21:43:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Daniel Hammer
2005-01-23 11:41:28 UTC
Sorry for harsh word, and also to clearify the issue: It seems not to be selinux-policy-targeted-1.17.30-2.73 alone since older versions show the same result. Seems that new kernel 2.6.10-1.741_FC3 together with selinux-policy-targeted do this "evil" work. With SELINUX=Permissive in /etc/sysconfig/selinux the avc messages remain (concerning httpd, cups, nscd, ntpd, ...) but at least the deamons do start. Nothing else has changed on this system, only the security updates are installed, when they appear. Do you ever run your system without selinux enabled (i.e. turned off completely)? If so does relabelling help? > Do you ever run your system without selinux enabled (i.e. turned off
> completely)? If so does relabelling help?
Ok., RTFM. ;-)
Running with selinux turned off does not change anything, all deamons start
normally and with selinux turned on again the system shows the same errors.
Relabeling DOES HELP, of course. After running "/sbin/fixfiles relabel" the
system works as it should. Anyway, IMHO, there should be some automatism to fix
odd label settings. Thanx anyway ... lets kill that beast!
I think Sitsofe was asking if you had run with it turned off at some point, and then later experienced the labeling issues. No, selinux was always enabled and sec-updates were done automatically. Just when upgrading the kernel it was rebooted and some trouble began ... ;-) Are you using udev? This looks like /dev/log is labeled device_t, it should be labeled devlog_t? Dan # ls -aZ /dev/log srw-rw-rw- root root user_u:object_r:devlog_t /dev/log |