I am running into a ton of issues trying to get my SiI 3112 RAID1 set booting. If anyone knows of a guide to the required voodoo to have this work, please let me know as the f7test3 installer doesn't quite end up with a bootable system.
Among my problems is that fact that SELinux is clobbering grub-install. I get a number of the following errors for a bunch of tmp files, bug or feature?:
Summary SELinux is preventing the /sbin/grub from using potentially mislabeled files (/tmp/sh-thd-1175367330 (deleted)).
Detailed Description SELinux has denied /sbin/grub access to potentially mislabeled file(s) (/tmp /sh-thd-1175367330 (deleted)). This means that SELinux will not allow /sbin/grub to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.
Allowing Access If you want /sbin/grub to access this files, you need to relabel them using restorecon -v /tmp/sh-thd-1175367330 (deleted). You might want to relabel the entire directory using restorecon -R -v /tmp.
Additional Information
Source Context user_u:system_r:bootloader_t Target Context user_u:object_r:tmp_t Target Objects /tmp/sh-thd-1175367330 (deleted) [ file ] Affected RPM Packages grub-0.97-13 [application] Policy RPM selinux-policy-2.5.10-2.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.home_tmp_bad_labels Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.20-1.3023.fc7 #1 SMP Sun Mar 25 22:12:02 EDT 2007 i686 athlon Alert Count 1 First Seen Sat 31 Mar 2007 08:15:14 PM EDT Last Seen Sat 31 Mar 2007 08:15:14 PM EDT Local ID cb145cc9-d84a-4900-9f36-71be93a6750f Line Numbers
Raw Audit Messages
avc: denied { write } for comm="grub" dev=dm-0 egid=0 euid=0 exe="/sbin/grub" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="grub-install.log.ew4019" path=2F746D702F73682D7468642D31313735333637333330202864656C6574656429 pid=4021 scontext=user_u:system_r:bootloader_t:s0 sgid=0 subj=user_u:system_r:bootloader_t:s0 suid=0 tclass=file tcontext=user_u:object_r:tmp_t:s0 tty=pts0 uid=0
Thanks in advance for any help.
/Mike
On Sat, Mar 31, 2007 at 08:23:24PM -0400, Michael Wiktowy wrote:
It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories.
If you do that, and if you are using selinux, then after such move you have to run 'fixfiles' on target directories.
Security is always PITA and a bunch of tradeoffs. If some particular tradeoffs are right for you it is only for you to tell. If you want avoid hassles just for an installation you can always run with 'selinux=0' and do 'fixfiles' globally once you are done and you plan to turn on selinux.
Michal
On 3/31/07, Michal Jaegermann michal@harddata.com wrote:
If you do that, and if you are using selinux, then after such move you have to run 'fixfiles' on target directories.
Security is always PITA and a bunch of tradeoffs. If some particular tradeoffs are right for you it is only for you to tell. If you want avoid hassles just for an installation you can always run with 'selinux=0' and do 'fixfiles' globally once you are done and you plan to turn on selinux.
Yes ... well, I guess what I am wondering is why the command grub-install is doing that and whether it should be.
/Mike
On Sat, 2007-03-31 at 20:23 -0400, Michael Wiktowy wrote:
I am running into a ton of issues trying to get my SiI 3112 RAID1 set booting. If anyone knows of a guide to the required voodoo to have this work, please let me know as the f7test3 installer doesn't quite end up with a bootable system.
Among my problems is that fact that SELinux is clobbering grub-install. I get a number of the following errors for a bunch of tmp files, bug or feature?:
This looks like a bug in either the SELinux policy or grub. File it against grub and cc both dwalsh AT redhat DOT com and myself and we'll get it fixed up.
This is definitely something that *should* work
Jeremy
On 4/1/07, Jeremy Katz katzj@redhat.com wrote:
On Sat, 2007-03-31 at 20:23 -0400, Michael Wiktowy wrote:
I am running into a ton of issues trying to get my SiI 3112 RAID1 set booting. If anyone knows of a guide to the required voodoo to have this work, please let me know as the f7test3 installer doesn't quite end up with a bootable system.
Among my problems is that fact that SELinux is clobbering grub-install. I get a number of the following errors for a bunch of tmp files, bug or feature?:
This looks like a bug in either the SELinux policy or grub. File it against grub and cc both dwalsh AT redhat DOT com and myself and we'll get it fixed up.
This is definitely something that *should* work
Done. Filed against SELinux policy even though it may be the grub-install script doing things it shouldn't. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235215
I really like that SELinux problem notifier. It makes it very easy to report these problems or temporarily fix them yourself.
/Mike
-
Jeremy Katz -
Michael Wiktowy -
Michal Jaegermann