PDA

View Full Version : SELinux broken after root disk mirror



micagreenmachin
14th May 2007, 11:19 PM
I recently migrated to a mirrored root disk and in doing so, SELinux does not seem to be working...

I had to disable SELinux to get the system to boot after I configured RAID1 and now, when I go back to enable it in system-config-securitylevel, all of the settings except for /usr/sbin/getsebool are gone. Any idea how to reinstall/reinitialize selinux? I tried reinstalling all of the SELinux packages:
selinux-policy-targeted-2.4.6-62.fc6
libselinux-devel-1.33.4-2.fc6
libselinux-1.33.4-2.fc6
libselinux-python-1.33.4-2.fc6
selinux-policy-2.4.6-62.fc6

with rpm -ivh --replacefiles --replacepkgs but nothing changed...

FC6 1386

Thanks,
-Todd

Seve
14th May 2007, 11:51 PM
Hello:
Have you tried to force a re-label the filesytem ?

touch /.autorelabel

then reboot ?

Seve

micagreenmachin
15th May 2007, 01:02 AM
I had tried that, but didn't re-enable selinux. Now, I enabled selinux, have the touch file in place, and get this error on boot:
/sbin/restorecon: error while loading shared libraries: libselinux.so.1: cannot open shared object file: no such file or directory

Then it disables selinux and drops me to a maintenance-prompt. I had to edit grub on startup with "selinux=disable" as a kernel option to boot after that.

Other than that, the system runs great. I'm just trying to be dilegent and learn selinux, so I want to fix this as it's aparently the way of the future...

Todd

EDIT: I did check to see if the file exists and it does. /lib/libselinux.so.1 - owned by root with perms -rwxr-xr-x.

Seve
15th May 2007, 01:13 AM
Hello:
You could have a look at the restorecon man page to reset / restore the default SELinux security contexts.
restorecon(8) - Linux man page (http://www.die.net/doc/linux/man/man8/restorecon.8.html)
I don't have any experience using it, however, you may want to give it a look see ?

Seve

micagreenmachin
15th May 2007, 02:22 AM
Hello:
You could have a look at the restorecon man page to reset / restore the default SELinux security contexts.
restorecon(8) - Linux man page (http://www.die.net/doc/linux/man/man8/restorecon.8.html)
I don't have any experience using it, however, you may want to give it a look see ?

Seve

That's actually a great idea... I don't know why I didn't think to do that...

I'll be back later.

---reading---

micagreenmachin
15th May 2007, 02:30 AM
Read the man page... Even tried the command on a few files/directories. No output. even with the "vv" option. Command returns 0...

micagreenmachin
15th May 2007, 11:35 PM
I honestly don't know what happened, but I booted up today and forgot that I had enabled selinux last night... It started up, complained about the missing library again, decided to relabeled the FS, rebooted itself and now selinux works.

I have no idea what changed. :confused:

But, as long as it works now, I'm happy. :D

Thanks for the help,
-Todd

Seve
15th May 2007, 11:52 PM
But, as long as it works now, I'm happy. :D
-Todd
Hello:

The magic that is Linux ....... :D

Seve