Hello All-
I haven't updated my FC4T2 installation for a week or so, and did last night ran a yum update to get back on top of the latest releases. Things went okay until I init 0'd to shut down my computer. At the screen where all the processes get killed as Fedora goes down, I was recieving tons of error messages that access to this file and that file was blocked.
Today I booted up into Fedora, and I can not get to runlevel 5 as SELinux is blocking EVERYTHING from running. I can not even "yum update" as SELinux is blocking both the process as well as access to the yum directory.
Is there anything I can do to 1) work around the problem, and 2) send error logs of some sort to help track down the problem?
Any information would be greatly appreciated. Thanks,
-Sean
On Sat, May 14, 2005 at 12:05:16PM -0700, Sean Earp wrote:
Hello All-
I haven't updated my FC4T2 installation for a week or so, and did last night ran a yum update to get back on top of the latest releases. Things went okay until I init 0'd to shut down my computer. At the screen where all the processes get killed as Fedora goes down, I was recieving tons of error messages that access to this file and that file was blocked.
Today I booted up into Fedora, and I can not get to runlevel 5 as SELinux is blocking EVERYTHING from running. I can not even "yum update" as SELinux is blocking both the process as well as access to the yum directory.
Is there anything I can do to 1) work around the problem, and 2) send error logs of some sort to help track down the problem?
Any information would be greatly appreciated. Thanks,
I had something like this happen to me about a month ago. iirc, I booted with selinux=0 and ran 'fixfiles relabel' and it was fine afterwards.
Dave
On Sunday 15 May 2005 05:26, Dave Jones davej@redhat.com wrote:
Today I booted up into Fedora, and I can not get to runlevel 5 as SELinux is blocking EVERYTHING from running. I can not even "yum update" as SELinux is blocking both the process as well as access to the yum directory.
I had something like this happen to me about a month ago. iirc, I booted with selinux=0 and ran 'fixfiles relabel' and it was fine afterwards.
Using enforcing=0 is a better option in this case. While running with selinux=0 security labels are not applied automatically, and therefore files created at shutdown (such as /etc/mtab) don't get labeled.
Today I booted up into Fedora, and I can not get to runlevel 5 as SELinux is blocking EVERYTHING from running. I can not even "yum update" as SELinux is blocking both the process as well as access to the yum directory.
I had something like this happen to me about a month ago. iirc, I booted with selinux=0 and ran 'fixfiles relabel' and it was fine afterwards.
Using enforcing=0 is a better option in this case. While running with selinux=0 security labels are not applied automatically, and therefore files created at shutdown (such as /etc/mtab) don't get labeled.
That's a good bit of info to know as I'm running my laptop with selinux=0 because when I connect it to our corporate network DHCP can't get an IP address with it enabled. Its a Dell D600 laptop with a Broadcom tg3 network adapter. The DHCP server is (unfortunately) a Windows 2003SP1 server.
Pete
On Sunday 29 May 2005 18:24, Peter Robinson pbrobinson@gmail.com wrote:
That's a good bit of info to know as I'm running my laptop with selinux=0 because when I connect it to our corporate network DHCP can't get an IP address with it enabled. Its a Dell D600 laptop with a Broadcom tg3 network adapter. The DHCP server is (unfortunately) a Windows 2003SP1 server.
Are any AVC messages logged when the DHCP client fails?
All, this DHCP thing is probably other thing not SELINUX.
I have SE turned off, and the dhcp(cd)(d) thing fails very often and too strange:
Configuration: eth0 (8139too) and ath0 (madwifi, locally compiled.. hey! why dont include that in fc4?)
eth0: static ip: 172.16.xxx.xxx netmask 255.255.255.0 ath0: dhcp client to a lynksys wifi router
well, no matter in rc5.d there is a link to /etc/init.d/network, the interfaces DONT COME UP when the system is booted... all the stuff is fine and checked 3 times. Running /etc/init.d/network start works fine starting the interfaces... BUT!!!: After a couple of minutes, the IP address of the eth0 card is lost. Then, the ip address of the ath0 is lost also. (only works if eth0 is down)
I run a dhcp server for my other 2 laptops in the main laptop, as they dont have wifi cards and the hotspot is too far away to connect an ethernet cable, so I have a mini hub to provide internet to the other 2 laptops...
If I start dhcpd, it works for about 30 seconds, but then... all ip information is lost again... and again...
manually setting ifconfig eth0 ........ works for about 10 seconds then the address is lost, (more frecuently when dhcpd is running)..
On Sun, 2005-05-29 at 18:38 +1000, Russell Coker wrote:
On Sunday 29 May 2005 18:24, Peter Robinson pbrobinson@gmail.com wrote:
That's a good bit of info to know as I'm running my laptop with selinux=0 because when I connect it to our corporate network DHCP can't get an IP address with it enabled. Its a Dell D600 laptop with a Broadcom tg3 network adapter. The DHCP server is (unfortunately) a Windows 2003SP1 server.
Are any AVC messages logged when the DHCP client fails?
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
On Sun, 2005-05-29 at 17:35 -0500, Gustavo A. Lozano wrote:
Configuration: eth0 (8139too) and ath0 (madwifi, locally compiled.. hey! why dont include that in fc4?)
Madwifi may be an open-source project, but it is built on top of a binary "HAL" that precludes it's inclusion in projects like Fedora. Bummer eh?
Sean
Yes, you have a point there..
On Sun, 2005-05-29 at 15:40 -0700, Sean Bruno wrote:
On Sun, 2005-05-29 at 17:35 -0500, Gustavo A. Lozano wrote:
Configuration: eth0 (8139too) and ath0 (madwifi, locally compiled.. hey! why dont include that in fc4?)
Madwifi may be an open-source project, but it is built on top of a binary "HAL" that precludes it's inclusion in projects like Fedora. Bummer eh?
Sean
More interesting yet, after doing some tests, I came to the conclusion, the ath0 interface lost its ip address as soon as a link is detected in eth0, I re-ran everything with the eth0 unplugged.. and everything worked fine until it get a Link.. I dont if this can probably come from the Interrupts:
ath0 Link encap:Ethernet HWaddr 00:90:96:F6:7E:A7 inet addr:192.168.254.104 Bcast:192.168.254.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:135193 errors:112 dropped:0 overruns:0 frame:112 TX packets:171764 errors:23 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:199 RX bytes:106127772 (101.2 MiB) TX bytes:27167651 (25.9 MiB) Interrupt:11 Memory:dc8c0000-dc8d0000
eth0 Link encap:Ethernet HWaddr 00:02:3F:D8:C0:30 UP BROADCAST NOTRAILERS MULTICAST MTU:1500 Metric:1 RX packets:373 errors:0 dropped:0 overruns:0 frame:0 TX packets:6872 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:39233 (38.3 KiB) TX bytes:451056 (440.4 KiB) Interrupt:11 Base address:0xa000
They are both using the same irq...
On Sun, 2005-05-29 at 18:38 +1000, Russell Coker wrote:
On Sunday 29 May 2005 18:24, Peter Robinson pbrobinson@gmail.com wrote:
That's a good bit of info to know as I'm running my laptop with selinux=0 because when I connect it to our corporate network DHCP can't get an IP address with it enabled. Its a Dell D600 laptop with a Broadcom tg3 network adapter. The DHCP server is (unfortunately) a Windows 2003SP1 server.
Are any AVC messages logged when the DHCP client fails?
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
About the IP configuration being lost, I have tracked the problem to the new NetworkManager program.
I deactivated it, and now everything is normal....
On Sun, 2005-05-29 at 17:41 -0500, Gustavo A. Lozano wrote:
More interesting yet, after doing some tests, I came to the conclusion, the ath0 interface lost its ip address as soon as a link is detected in eth0, I re-ran everything with the eth0 unplugged.. and everything worked fine until it get a Link.. I dont if this can probably come from the Interrupts:
ath0 Link encap:Ethernet HWaddr 00:90:96:F6:7E:A7 inet addr:192.168.254.104 Bcast:192.168.254.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:135193 errors:112 dropped:0 overruns:0 frame:112 TX packets:171764 errors:23 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:199 RX bytes:106127772 (101.2 MiB) TX bytes:27167651 (25.9 MiB) Interrupt:11 Memory:dc8c0000-dc8d0000
eth0 Link encap:Ethernet HWaddr 00:02:3F:D8:C0:30 UP BROADCAST NOTRAILERS MULTICAST MTU:1500 Metric:1 RX packets:373 errors:0 dropped:0 overruns:0 frame:0 TX packets:6872 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:39233 (38.3 KiB) TX bytes:451056 (440.4 KiB) Interrupt:11 Base address:0xa000
They are both using the same irq...
On Sun, 2005-05-29 at 18:38 +1000, Russell Coker wrote:
On Sunday 29 May 2005 18:24, Peter Robinson pbrobinson@gmail.com wrote:
That's a good bit of info to know as I'm running my laptop with selinux=0 because when I connect it to our corporate network DHCP can't get an IP address with it enabled. Its a Dell D600 laptop with a Broadcom tg3 network adapter. The DHCP server is (unfortunately) a Windows 2003SP1 server.
Are any AVC messages logged when the DHCP client fails?
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
On Mon, 30 May 2005, Gustavo A. Lozano wrote:
About the IP configuration being lost, I have tracked the problem to the new NetworkManager program.
I deactivated it, and now everything is normal....
It shouldn't be started by default, even if it's installed. Did you by chance enable it with 'chkconfig' or 'service'?
Dan
As far I remember.. probably, when playing around with 5 different wifi hotspots at our office..
On Mon, 2005-05-30 at 17:37 -0400, Dan Williams wrote:
On Mon, 30 May 2005, Gustavo A. Lozano wrote:
About the IP configuration being lost, I have tracked the problem to the new NetworkManager program.
I deactivated it, and now everything is normal....
It shouldn't be started by default, even if it's installed. Did you by chance enable it with 'chkconfig' or 'service'?
Dan
About the IP configuration being lost, I have tracked the problem to the new NetworkManager program.
I deactivated it, and now everything is normal....
I've played with NetworkManager and it doesn't seem to be able to handle my wired connection at all. That aside, even with it disabled, if I connect my laptop to our LAN with selinux running I can't get an IP address. I'm not sure if its something with my tg3 network card or the fact that the DHCP server is Windows 2003SP1 (probably the windows component in general).
Since I changed my grub config from selinux=0 to enforcing=0 I've seen alot of the avc deny statements in the messages file with some mentions of dhclient and ping. I can attach some if they are of interest to people.
The only thing I can think of that may cause problems (not sure if it would though) is that I'm using a slightly old kernel as the newer ipw2200 works much better for me and was rolled back in some of the later kernels.
Pete
-
Dan Williams -
Dave Jones -
Gustavo A. Lozano -
Peter Robinson -
Russell Coker -
Sean Bruno -
Sean Earp