On Sat, Apr 5, 2008 at 9:21 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Sat, Mar 29, 2008 at 6:55 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Thu, Mar 27, 2008 at 6:36 PM, John Dennis jdennis@redhat.com wrote:
Valent Turkovic wrote:
I'm creating live cds under rawhide and I have selinux in permissive mode, could that be reason I'm seeing these hundreds of alerts?
https://www.redhat.com/archives/fedora-selinux-list/2008-March/msg00130.html
-- John Dennis jdennis@redhat.com
Ok, I'm an idiot :) I got so much going on at once (work, moving to new apartment, etc...) that I totally forgot I got this replied already.
But I want to keep in permissive an not enforcing mode so is just "load_policy" enough ?
Cheers, Valent.
load_policy and you might need to kill any processes that are running as unlabeled_t. Potentially you could have files that are mislabeled.
I made several load_policy and relabels with reboot ans I still see these errors! Do you have any idea why?
Cheers, Valent .
Do you have two policy files in /etc/selinux/targeted/policy?
# ls -al /etc/selinux/targeted/policy total 4056 drwxr-xr-x 2 root root 4096 2008-04-03 23:05 . drwxr-xr-x 5 root root 4096 2008-04-03 23:05 .. -rw-r--r-- 1 root root 4128435 2008-04-03 23:05 policy.21
as you can see I have only on file in policy directory
If you do, remove the lower version and then execute load_policy, Relabel the file in question and you should not have a problem. If the file is in /tmp you can remove it or set its label to tmp_t.
I'm going now to move all files from /tmp to another folder and then if reboot succeeds I'll delete those files and see if I still see selinux alerts.
So you haven't seen this kind of error? Nobody has reported anything similar?
Valent.
On Sun, Apr 6, 2008 at 10:37 AM, Valent Turkovic valent.turkovic@gmail.com wrote:
On Sat, Apr 5, 2008 at 9:21 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Sat, Mar 29, 2008 at 6:55 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Thu, Mar 27, 2008 at 6:36 PM, John Dennis jdennis@redhat.com wrote:
Valent Turkovic wrote: > I'm creating live cds under rawhide and I have selinux in permissive > mode, could that be reason I'm seeing these hundreds of alerts?
https://www.redhat.com/archives/fedora-selinux-list/2008-March/msg00130.html
-- John Dennis jdennis@redhat.com
Ok, I'm an idiot :) I got so much going on at once (work, moving to new apartment, etc...) that I totally forgot I got this replied already.
But I want to keep in permissive an not enforcing mode so is just "load_policy" enough ?
Cheers, Valent.
load_policy and you might need to kill any processes that are running as unlabeled_t. Potentially you could have files that are mislabeled.
I made several load_policy and relabels with reboot ans I still see these errors! Do you have any idea why?
Cheers, Valent .
Do you have two policy files in /etc/selinux/targeted/policy?
# ls -al /etc/selinux/targeted/policy total 4056 drwxr-xr-x 2 root root 4096 2008-04-03 23:05 . drwxr-xr-x 5 root root 4096 2008-04-03 23:05 .. -rw-r--r-- 1 root root 4128435 2008-04-03 23:05 policy.21
as you can see I have only on file in policy directory
If you do, remove the lower version and then execute load_policy, Relabel the file in question and you should not have a problem. If the file is in /tmp you can remove it or set its label to tmp_t.
I'm going now to move all files from /tmp to another folder and then if reboot succeeds I'll delete those files and see if I still see selinux alerts.
So you haven't seen this kind of error? Nobody has reported anything similar?
Valent.
-- http://kernelreloaded.blog385.com/ linux, blog, anime, spirituality, windsurf, wireless registered as user #367004 with the Linux Counter, http://counter.li.org. ICQ: 2125241, Skype: valent.turkovic
Even after deleting all files in /tmp folder I still see these two alerts (in attachemen).
I investigated alert about saved_state.tmp file and with locate file command I found this: /home/valentt/.gconfd/saved_state
does that give you any more clues why I'm seeing these alerts? I'm now in Fedora 8 not in Rawhide but in Rawhide I see same alerts.
Is it possible that livecd-creator does some things and breaks selinux in some way that you still aren't aware of?
Valent.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Sun, Apr 6, 2008 at 10:37 AM, Valent Turkovic valent.turkovic@gmail.com wrote:
On Sat, Apr 5, 2008 at 9:21 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Sat, Mar 29, 2008 at 6:55 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valent Turkovic wrote:
On Thu, Mar 27, 2008 at 6:36 PM, John Dennis jdennis@redhat.com wrote: > Valent Turkovic wrote: > > I'm creating live cds under rawhide and I have selinux in permissive > > mode, could that be reason I'm seeing these hundreds of alerts? > > https://www.redhat.com/archives/fedora-selinux-list/2008-March/msg00130.html > > -- > John Dennis jdennis@redhat.com >
Ok, I'm an idiot :) I got so much going on at once (work, moving to new apartment, etc...) that I totally forgot I got this replied already.
But I want to keep in permissive an not enforcing mode so is just "load_policy" enough ?
Cheers, Valent.
load_policy and you might need to kill any processes that are running as unlabeled_t. Potentially you could have files that are mislabeled.
I made several load_policy and relabels with reboot ans I still see these errors! Do you have any idea why?
Cheers, Valent .
Do you have two policy files in /etc/selinux/targeted/policy?
# ls -al /etc/selinux/targeted/policy total 4056 drwxr-xr-x 2 root root 4096 2008-04-03 23:05 . drwxr-xr-x 5 root root 4096 2008-04-03 23:05 .. -rw-r--r-- 1 root root 4128435 2008-04-03 23:05 policy.21
as you can see I have only on file in policy directory
If you do, remove the lower version and then execute load_policy, Relabel the file in question and you should not have a problem. If the file is in /tmp you can remove it or set its label to tmp_t.
I'm going now to move all files from /tmp to another folder and then if reboot succeeds I'll delete those files and see if I still see selinux alerts.
So you haven't seen this kind of error? Nobody has reported anything similar?
Valent.
-- http://kernelreloaded.blog385.com/ linux, blog, anime, spirituality, windsurf, wireless registered as user #367004 with the Linux Counter, http://counter.li.org. ICQ: 2125241, Skype: valent.turkovic
Even after deleting all files in /tmp folder I still see these two alerts (in attachemen).
I investigated alert about saved_state.tmp file and with locate file command I found this: /home/valentt/.gconfd/saved_state
does that give you any more clues why I'm seeing these alerts? I'm now in Fedora 8 not in Rawhide but in Rawhide I see same alerts.
Is it possible that livecd-creator does some things and breaks selinux in some way that you still aren't aware of?
Valent.
You should run restorecon on your homedir. restorecon -R -v ~/
The loading of a different policy will invalidate file context on disk that the new policy does not understand. But reloading the original policy should change the context badk to something that is understood.
selinux@lists.fedoraproject.org