Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.
09-20-2011, 06:14 PM
Jon Detert

selinux policy remnant according to /bin/ls on CentOS 6.0 box

----- Original Message -----
> From: "James Edwards" <jedwards@bsdftw.org>
> To: centos@centos.org
> Sent: Tuesday, September 20, 2011 12:52:34 PM
> Subject: Re: [CentOS] selinux policy remnant according to /bin/ls on CentOS 6.0 box
>
> On 9/20/2011 1:48 PM, Jon Detert wrote:
> > I installed CentOS 6.0 on 2 different x86_64 boxen. Both
> > originally had selinux installed and enabled. I never touched
> > selinux other than to remove as much of it as I could via rpm -e.
> > As far as I can tell, here are the remaining packages that have
> > something to do with it:

-- snip --

> > However:
> >
> > 1) box1 still has files in /selinux whereas box2's /selinux is
> > empty;
> > 2) ls -l on box1 shows a '.' at the end of file/directory, which
> > means a SELinux security context applies, according to
> > https://fedoraproject.org/wiki/Fedora_11_FAQ#Why_does_ls_show_a_dot_.28..29_or_a_plus_.28.2B.29_at_the_end_on_the_file_modes_for_some_files.3F
> >
> > Any idea why box1 still seems to have an selinux policy applied,
> > and how to un-apply it?
> >
> > Thanks,
> >
> > Jon
> >
> Did you disable SELinux by changing 'SELINUX=disabled' in
> /etc/sysconfig/selinux? Wouldn't that be easier than removing all

I did not do so explicitly. But it is set to disabled as described above.
I assume the rpm -e did that. So, there must be some other step missing.

As to that being easier: perhaps, had I known that file/setting existed.

> the
> RPMs? If I may ask, is there a reason for removing the packages?

I do not plan to use them.

Less is more, right?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
09-20-2011, 08:35 PM
Robert Nichols

selinux policy remnant according to /bin/ls on CentOS 6.0 box

On 09/20/2011 12:48 PM, Jon Detert wrote:
> I installed CentOS 6.0 on 2 different x86_64 boxen. Both originally had selinux installed and enabled. I never touched selinux other than to remove as much of it as I could via rpm -e. As far as I can tell, here are the remaining packages that have something to do with it:
>
> # rpm -qa | grep -iE 'sel|pol'
> checkpolicy-2.0.22-1.el6.x86_64
> libselinux-2.0.94-2.el6.x86_64
> libsepol-2.0.41-3.el6.x86_64
> polkit-0.96-2.el6_0.1.x86_64
> #
>
> Both boxen have those packages.
>
> However:
>
> 1) box1 still has files in /selinux whereas box2's /selinux is empty;
> 2) ls -l on box1 shows a '.' at the end of file/directory,
...

Each inode in the file system still has a security attribute attached.
You need to walk through the file system and remove them, one at a
time:

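#!/bin/sh
# Arguments: [-v] FILE...
# Removes the security.selinux extended attribute from each FILE that has one.
if [ "$1" = -v ]; then
    verbose=y    # -v: print each file that is changed
    shift
else
    verbose=n
fi

for F in "$@"; do
    # getfattr prints nothing on stdout when the attribute is absent
    if [ -n "$(getfattr --absolute-names -n security.selinux "$F" 2>/dev/null)" ]; then
        [ $verbose = y ] && echo "$F"
        setfattr -x security.selinux "$F"
    fi
done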

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
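
An audit-first variant of the cleanup above, as an added example that is not part of the original thread: it checks whether selinuxfs is still mounted (on CentOS 6 its mount point is /selinux) and lists the labelled paths under a directory before anything is removed. The function names, the -x option, the -h flag and the use of find -xdev are choices made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Audit first, strip only on request.

# True if a selinuxfs mount is listed in the mounts table ($1, default
# /proc/mounts), i.e. SELinux is still active in the running kernel.
selinuxfs_mounted() {
    awk '$3 == "selinuxfs" { found = 1 } END { exit !found }' "${1:-/proc/mounts}"
}

# True if path $1 itself (symlinks are not followed) has a security.selinux
# attribute. Same output test as the script above, plus -h.
has_selinux_label() {
    [ -n "$(getfattr -h --absolute-names -n security.selinux -- "$1" 2>/dev/null)" ]
}

# Print every labelled path under $1, staying on that one filesystem.
# Paths containing newlines are not handled by this line-based loop.
list_labeled() {
    find "$1" -xdev -print | while IFS= read -r path; do
        if has_selinux_label "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# Usage: audit [-x] DIR   (-x removes the attribute from each path found)
audit() {
    strip=n
    if [ "$1" = -x ]; then strip=y; shift; fi
    if selinuxfs_mounted; then
        echo "selinuxfs is mounted: SELinux is still active, not stripping" >&2
        strip=n
    fi
    list_labeled "$1" | while IFS= read -r path; do
        printf '%s\n' "$path"
        if [ "$strip" = y ]; then
            setfattr -h -x security.selinux -- "$path"
        fi
    done
}

if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Run without -x first and review the list; the -x pass needs root, like the original script.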
