Bug 164702 - Setting selinux-policy-strict disables services
Summary: Setting selinux-policy-strict disables services
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict   
(Show other bugs)
Version: 4
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: Security
: 164703 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-30 16:43 UTC by J. William Cupp
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-25 19:44:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description J. William Cupp 2005-07-30 16:43:20 UTC
From Bugzilla Helper:
User-Agent: Opera/8.02 (Windows NT 5.1; U; en)

Description of problem:
Upon installation of Fedora Core 4, a problem I previously had with FC3 has 
grown much worse.  Formerly, ntpd would not run.  Now, many services do not run, 
including (at least) nifd, networks, etc. and many others.  

A work around has been found in setting SELinux policy to "permissive" rather 
than "enforced."   When "enforced" is used, the FC4 installation is basically 
unusuable.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  Set SELinux policy to "enforced".
2.  Reboot
  

Additional info:

When policy is "enforced" the boot up text screen shows many services that 
report FAILED on start up.  Generally, the error message reveals file 
permissions are denied, such as to file 'libc.so.6' or other shared object 
files. 

The screen scrolls by much too fast to read it in detail.  If there was a means 
to pipe this text scroll to a log file, I'd like to do so and submit it as an 
addendum to this bug report.  (Anybody want to help me learn how to do this?)

Comment 1 Daniel Walsh 2005-08-01 13:30:14 UTC
Are you running with selinux-policy-strict?  What are you seeing for avc
messages in /var/log/audit/audit.log or /var/log/messages?

You try to relabel the system with the following command

touch /.autorelabel
reboot

Comment 2 Daniel Walsh 2005-08-01 13:31:04 UTC
*** Bug 164703 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.