Bug 232368
Summary: | cannot boot with enforcing | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | cje |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | CC: | dwalsh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-03-16 04:01:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
cje
2007-03-15 01:02:31 UTC
This looks like you have something badly labeled as samba_share_t. fixfiles -F restore should clean up the file context. Did you label something major as samba_share_t? ooh. that looks like it's done something! i've got 3087 "Setfiles: relabeling" messages in my system log now! how is that different from the 'complete relabelling of entire filesystem' that's happened twice already during booting when changing selinux modes? anyway, yes "/" has been relabeled from samba_share_t to root_t by fixfiles. it's possible i tried to add a samba share of '/' at some point. (wouldn't expect that to render my system unbootable/insecure/whatever without a warning!) i'm pretty sure i haven't done any command-line stuff to relabel anything .. wouldn't know how and doubt i'd risk guessing - this is my main server. of those 3087 relabels i'd say about 10% are from samba_share_t. the rest are almost all from user_u to system_u. there are a few others including some from "root" to system_u. any idea at all what might have caused this? a lot of the files in the list are ones installed from non-standard repositories or copied from another system or installed from tarballs. also i've run the xen kernel (just dom0) for a while (including yum updates including selinux updates) and then switched back to non-xen. could that affect things? well, the last 'denied' message was six minutes before the fixfiles and that was over an hour ago (it was logging about one denial per minute) so i'm off to reboot. many thanks. |