Bug 166079
| Summary: | SELinux relabelling broke system | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alan Cox <alan> |
| Component: | initscripts | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 8.16-1 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-10-03 21:31:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Alan Cox
2005-08-16 18:20:01 UTC
What avc messages did you see when you tried to login? If you boot with enforcing=0 you can still log in and the AVC message will still be recorded. The reason it tried to relabel was that it has no idea what files were created during the period when you were running without SELinux enabled. So it needs to clean up. I know of know other way of doing this. Of course if the system is still hosed after you relabel, that is a major bug. Dan It also has no idea if the policy relabelling will produce the correct result for moved files, so to do it without asking is rude. Ok the only thing I saw with selinux on was "permission denied". I'll go try and repeat the mess now. Ok went through the cause a relabel cycle again and this time its decided to be annoying by working perfectly. No idea what has changed. This was fixed post-FC4 to reboot after relabeling; otherwise, you could end up in the state where it relabeled, but since init, udev, etc. was done pre-relabel, the contexts on your devices for login wouldn't be correct. (As I understand it.) |