On Mon, 2008-10-20 at 14:29 -0400, Jessica Blank (T2 NY) wrote:
> On a fairly recent RHEL5 install, when SELinux is enabled (and not set
> to permissive), SELinux has gotten very messed up. One can't even
> restart mcstransd; SELinux won't let it read libselinux.so.1:
>
> -----------[snip]-------------------------
> [EMAIL PROTECTED] dirname]# /etc/init.d/mcstrans restart
> Stopping mcstransd: [FAILED]
> Starting mcstransd: mcstransd: error while loading shared libraries:
> libselinux.so.1: cannot open shared object file: Permission denied
> [FAILED]
> -----------[snip]-------------------------
>
> After 'setenforce 0' or 'setenforce permissive', the above works.
>
> I have an almost identical machine, also running RHEL5. I tried
> copying over /etc/selinux from the working box to the one with the
> problems, then restoring the default SELinux contexts on all files
> with 'chcon -r /'... No go.
>
> What is going on here? How can I truly restore the SELinux
> configuration to its 'factory default' state?

It would be useful to know the precise label on your libselinux.so.1
(ls -Z /lib/libselinux.so.1) and to see the avc message you got in
/var/log/messages or /var/log/audit/audit.log.
But you can do a full relabel via:

    touch /.autorelabel
    reboot

Should also happen if you specify autorelabel on the kernel command line
at boot. Or you can manually boot into single-user and run
/sbin/fixfiles relabel.

--
Stephen Smalley
National Security Agency
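
Added example, not part of the original message: a small shell helper that pulls the avc denials for one command out of audit.log-format text, so the denied permission and the type on the target file can be read off and compared with the ls -Z output. The function names and the sample log lines are constructed for illustration and are not taken from the poster's system.

```shell
#!/bin/sh
# Constructed sample records in audit.log format (illustrative values only).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1224527340.101:41): avc:  denied  { read } for  pid=2311 comm="mcstransd" name="libselinux.so.1" dev=sda2 ino=98311 scontext=root:system_r:setrans_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1224527340.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="mcstransd" exe="/sbin/mcstransd"
type=AVC msg=audit(1224527351.552:42): avc:  denied  { read } for  pid=2290 comm="httpd" name="index.html" dev=sda2 ino=55120 scontext=root:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
EOF
}

# avc_denials [COMM]
# Reads audit records on stdin and prints one summary line per AVC denial,
# optionally limited to the command name COMM. Hypothetical helper name.
avc_denials() {
    awk -v want="$1" '
    /avc: +denied/ {
        comm = name = src = tgt = cls = perms = ""
        # Denied permissions are listed between "{" and "}".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        # Remaining data is space-separated key=value pairs.
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") name = val
            else if (key == "tclass") cls = val
            # Contexts are user:role:type[:level]; the type is field 3.
            else if (key == "scontext") { split(val, c, ":"); src = c[3] }
            else if (key == "tcontext") { split(val, c, ":"); tgt = c[3] }
        }
        if (want == "" || comm == want)
            printf "%s perms=%s name=%s source_type=%s target_type=%s tclass=%s\n",
                   comm, perms, name, src, tgt, cls
    }'
}

# Demo on the constructed sample; on a real host, feed it the log instead:
#   avc_denials mcstransd < /var/log/audit/audit.log
sample_audit_log | avc_denials mcstransd
```
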
