Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Everything got broken. selinux-policy-targeted-1.17.30-2.90: msg#00194
|
Subject: |
Everything got broken. selinux-policy-targeted-1.17.30-2.90 |
(Sorry if I break the threading, but my subscription has not kicked in.)
Stephen Smalley says:
On Wed, 2005-03-30 at 00:56 -0500, Omri Schwarz wrote:
>> Right now I have a machine that is using selinux-policy-targeted-1.17.30-2.9
0.n
>> oarch.rpm, and I suffer from the same errors:
>
>> # /usr/sbin/getenforce
>> getenforce: getenforce() failed
>
>> ]# /usr/sbin/getsebool -a
>> getsebool: booleans.c:48: security_get_boolean_names: Assertion
`selinux_mnt'
>> failed.
>> Aborted
>
>> # cat /selinux/enforce
>> 1
>What does 'id' show? What is in your /etc/selinux/config file?
% more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=Enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
% id
uid=10204(omri) gid=101(cdrecording) groups=0(root),48(apache),101(cdrecording)
context=user_u:system_r:unconfined_t
>> Mar 30 00:55:15 HOST kernel: audit(1112162115.873:0): avc: denied {
search }
>> for pid=6178 exe=/sbin/portmap name=etc dev=hda3 ino=229377
>> scontext=root:system_r:portmap_t tcontext=system_u:object_r:home_root_t
>> tclass=dir
>/etc certainly shouldn't be labeled home_root_t. /sbin/fixfiles restore?
Done.
Afterwards:
% ls -lZ /
drwxr-xr-x root root system_u:object_r:bin_t bin
drwxr-xr-x root root system_u:object_r:boot_t boot
drwxr-xr-x root root system_u:object_r:device_t dev
drwxr-xr-x root root system_u:object_r:home_root_t etc
drwxr-xr-x root root system_u:object_r:home_root_t home
drwxr-xr-x root root system_u:object_r:root_t initrd
drwxr-xr-x root root system_u:object_r:lib_t lib
drwx------ root root system_u:object_r:lost_found_t lost+found
drwxr-xr-x root root system_u:object_r:mnt_t media
drwxr-xr-x root root system_u:object_r:default_t misc
drwxr-xr-x root root system_u:object_r:mnt_t mnt
drwxr-xr-x root root nfs
drwxr-xr-x root root system_u:object_r:usr_t opt
dr-xr-xr-x root root proc
drwxr-x--- root root root:object_r:user_home_dir_t root
drwxr-xr-x root root system_u:object_r:sbin_t sbin
drwxr-xr-x root root selinux
drwxr-xr-x root root system_u:object_r:default_t srv
drwxr-xr-x root root sys
drwxr-xr-x root root system_u:object_r:default_t tftpboot
drwxrwxrwt root root system_u:object_r:tmp_t tmp
drwxr-xr-x root root system_u:object_r:usr_t usr
drwxr-xr-x root root system_u:object_r:var_t var
|
| |
