Bug 164702 - Setting selinux-policy-strict disables services
Setting selinux-policy-strict disables services
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: Security
: 164703 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2005-07-30 12:43 EDT by J. William Cupp
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-25 15:44:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description J. William Cupp 2005-07-30 12:43:20 EDT
From Bugzilla Helper:
User-Agent: Opera/8.02 (Windows NT 5.1; U; en)

Description of problem:
Upon installation of Fedora Core 4, a problem I previously had with FC3 has 
grown much worse.  Formerly, ntpd would not run.  Now, many services do not run, 
including (at least) nifd, networks, etc. and many others.  

A work around has been found in setting SELinux policy to "permissive" rather 
than "enforced."   When "enforced" is used, the FC4 installation is basically 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Set SELinux policy to "enforced".
2.  Reboot

Additional info:

When policy is "enforced" the boot up text screen shows many services that 
report FAILED on start up.  Generally, the error message reveals file 
permissions are denied, such as to file 'libc.so.6' or other shared object 

The screen scrolls by much too fast to read it in detail.  If there was a means 
to pipe this text scroll to a log file, I'd like to do so and submit it as an 
addendum to this bug report.  (Anybody want to help me learn how to do this?)
Comment 1 Daniel Walsh 2005-08-01 09:30:14 EDT
Are you running with selinux-policy-strict?  What are you seeing for avc
messages in /var/log/audit/audit.log or /var/log/messages?

You try to relabel the system with the following command

touch /.autorelabel
Comment 2 Daniel Walsh 2005-08-01 09:31:04 EDT
*** Bug 164703 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.