View Full Version : SELinux problems in Fedora 8 install



NetArch
11th November 2007, 06:29 PM
I just upgraded my Fedora 7 system to Fedora 8, but apparently the SELinux attributes on my /home partition, which was not reformatted during the install (I did an install, not an "upgrade", so my root and boot partitions were reformatted), are not what the standard SELinux policy was expecting.

Apparently, Fedora 8 has a default SELinux Samba policy of only "Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory". I went in and enabled the "domain controller", "share home directories", and "write files in directories labeled public_content_rw_t". I then enabled "Relabel on next reboot", did a "restorecon -v /home/user" for each user, and rebooted, but it still didn't work.

I then tried "chcon -R -t samba_share_t /home/user", but for every hidden directory (and files in hidden directories) it gave a "No such file or directory" error message. And the setroubleshoot browser gave 626 'SELinux is preventing rsyslogd (syslogd_t) "search" to <Unknown> (samba_share_t).' messages when the chcon command attempted to run. At that point, I gave up and came here looking for answers. I don't want to disable SELinux, but I'm at a loss.

I should also mention that I did all this before downloading any updates (i.e., did all this on a fresh install), so the updated SELinux policies weren't in place yet. To further muck things up, I did an update to get the new policies, and it "seemed" to work, but yum gave a bunch of "/sbin/ldconfig: Can't open configuration file /etc/ld.so.conf: Permission denied" and "/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied" errors. Looks like there were some major policy errors in the Fedora 8 release, and hence the need for updated SELinux policies? I'll search around the forums and see what I find.

What I don't want to have to do is to have to do a restore from backups of my /home partition if I don't have to. 120GB+ over a USB 2.0 interface will be a while...

Can I just force a relabel of my entire /home partition, with all user directories? I thought that's what chcon would do. Do I have to try it again with SELinux in "permissive" mode rather than "enforcing"? Right now, I've got it disabled (via the kernel parameter "selinux-0"), but that's not a fix...

PeTzZz
11th November 2007, 06:37 PM
Please don't double-post (http://www.fedoraforum.org/forum/showthread.php?t=171744). Note that you can edit your posts: there is an Edit link at the top right of your posts.

Thread closed.

:)