[lug] SElinux Relabel

stimits at comcast.net stimits at comcast.net
Wed Oct 23 21:49:09 MDT 2013 

I believe one of three things went wrong. Possibility one is that during the install telling it I wanted to mount those partitions in a /usr/local/ mount point made it believe it needed to relabel; possibility 2 seems more likely...after it was up and running I did a complete update of RPMs, one or two of which were selinux related policy type updates...perhaps the update there caused it to relabel partitions it had no business relabeling. The third possibility, I'm thinking the old install was told to set selinux to permissive or just to warn, as I have a similar thought on selinux that I don't like messing with it, but that the new boot loader setup could have done something to enable a less permissive setting that what it ran on...in which case the filesystem never changed, only the kernel's idea of selinux setup would have changed.

So if I chroot into the old partitions and try to relabel, I'm trying to figure out what command to use to force the relabel...I tend to shy away from selinux. Or, what parameter I can add in grub2 to tell the older fedora 16 boot to not use selinux at all. I hate having to research this stuff before I can get my old system back up and running.

----- Original Message -----
From: Davide Del Vento 
To: Boulder (Colorado) Linux Users Group -- General Mailing List 
Sent: Thu, 24 Oct 2013 03:18:22 -0000 (UTC)
Subject: Re: [lug] SElinux Relabel

On Wed, Oct 23, 2013 at 6:27 PM,  <stimits at comcast.net> wrote:


 If I accidentally mess up the fedora 19 I'll only have windows for login, but my work is on linux.
You can always use a live-boot from removable media and mount (possible rw if necessary) the partitions you're interested in. Not an ideal work condition, but not quite the "I'm locked out" you describe. You may want to test which distro works best with this arrangement so you know your escape route before you start messing up with F19 (do you need to?)



For your actual question, I am of the camp of "life is too short for SElinux" (and not having to administer a server makes my position ok), so I'm sorry I can't help you with that, other than "try to turn SElinux off, if you can from the bootloader without logging in". Since F16 is now the backup install, maybe that's ok for you too.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20131024/d18144d4/attachment.html>

More information about the LUG mailing list