Re: FC3 Strict Policy: msg#00191

Try relabeling:

touch /.autorelabel

Then reboot your system.

Bob

On Fri, 2005-05-27 at 15:42 -0700, Jeremy Utley wrote:
> Hello Everyone!
> 
> I'm trying my first foray into experimenting with SELinux, and am
> failing before I even get very far.  I've installed Fedora Core 3 and
> have enabled the SELinux strict policy.  The only way I can log into
> the system now is if I put the system into permissive mode.  Here's
> the denied errors I'm getting:
> 
> May 27 15:15:18 localhost kernel: audit(1117232118.583:0): avc: 
> denied  { getattr } for  pid=4380 exe=/sbin/unix_chkpwd
> path=/var/run/winbindd dev=sda1 ino=1653914
> scontext=system_u:system_r:system_chkpwd_t
> tcontext=system_u:object_r:var_run_t tclass=dir
> May 27 15:15:18 localhost kernel: audit(1117232118.586:0): avc:  denied  { 
> read
> write } for  pid=4381 exe=/sbin/unix_chkpwd name=tty2 dev=tmpfs
> ino=2025 scontext=system_u:system_r:system_chkpwd_t
> tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
> May 27 15:15:18 localhost kernel: audit(1117232118.589:0): avc: 
> denied  { getattr } for  pid=4291 exe=/bin/login
> path=/var/run/winbindd dev=sda1 ino=1653914
> scontext=system_u:system_r:local_login_t
> tcontext=system_u:object_r:var_run_t tclass=dir
> May 27 15:15:18 localhost kernel: audit(1117232118.590:0): avc: 
> denied  { getattr } for  pid=4291 exe=/bin/login path=/root dev=sda1
> ino=1864129 scontext=system_u:system_r:local_login_t
> tcontext=root:object_r:staff_home_dir_t tclass=dir
> 
> The system is fully up to date via yum.  I realize some problems can
> be expected when using the strict policy as opposed to targeted - but
> I can't believe the strict policy would ship in a configuration that
> prevents logging into the system.
> 
> Anyone got any suggestions - I can't believe I'm the only person who's
> faced this, but I did a lot of searching online and couldn't find
> anything.
> 
> Jeremy
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- 
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	FC3 Strict Policy, Jeremy Utley
Next by Date:	Re: policy SSH, Felipe Alfaro Solana
Previous by Thread:	FC3 Strict Policy, Jeremy Utley
Next by Thread:	On building a smaller 'strict' policy., Valdis . Kletnieks
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

FC3 Strict Policy, Jeremy Utley

Next by Date:

Re: policy SSH, Felipe Alfaro Solana

Previous by Thread:

FC3 Strict Policy, Jeremy Utley

Next by Thread:

On building a smaller 'strict' policy., Valdis . Kletnieks

Indexes:

[Date] [Thread] [Top] [All Lists]

Free Magazines

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe