FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 06-10-2008, 11:44 AM
"prakash hallalli"
 
Default :- MLS policy problem when manully restart the servers .

Hi All

I have configured SELinux on ContOS 5.1. I have configured the RBAC using MLS (Multilevel Security) Policy.
Now i am trying to restart the system services and they are not restarting and it is throwing some error message.

I have a question here, with mls policy enabled will i be able to restart the system service? If yes then what to do and If no what is the reason?
*
Steps to reproduce:

1) MLS Policy configuration.

1. Install selinux-policy-mls

2. Set SELINUXTYPE=MLS in /etc/selinux/config file
3. touch ./autorelabel; on root's home directory, and reboot the machine.
4. While machine is rebooting, change the GRUB parameter.
enforcing=0

2) Now system is in permissive mode and SELinux status is as follows.

**
# sestatus
SELinux status:*********** **** enabled
SELinuxfs mount:*********** ** /selinux
Current mode:************* * * * permissive
Mode from config file:******* enforcing
Policy version:***************** 21**

policy from config file:******* mls

3) Restart the system services and they restart successfully.

[root@turtle11 ~]# service nfs restart
Shutting down NFS mountd:********************************** [FAILED]

Shutting down NFS daemon:********************************* [FAILED]
Shutting down NFS quotas:*********************************** [FAILED]
Shutting down NFS services:********************************* [FAILED]
Starting NFS services:***************************************** * [* OK* ]

Starting NFS quotas:******************************************* * [* OK* ]
Starting NFS daemon:****************************************** [* OK* ]
Starting NFS mountd:******************************************* [* OK* ]


4) Now i am setting enforcing mode using setenforce command.
*
root@turtle11 ~]#setenforce 1
root@turtle11 ~]# sestatus
SELinux status:************ enabled
SELinuxfs mount:********* /selinux
Current mode:************** enforcing

Mode from config file:*** enforcing
Policy version:************* 21**
Policy from config file:** mls
*
5) a) Now system is in enforcing mode and i am trying to restart the system service. The restart will result in error message.


root@turtle11 ~]#service nfs restart
/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object* file: No such file or directory
/sbin/consoletype: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

nfs: unrecognized service

b) When I trying to login it will show the following error.

turtle login: smbldap3
/bin/login:error while loading shared libraries: libcrypt.so.1:failed to map segment from shared object: Permission denied

/sbin/mingetty: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied
*
c) When using su command.

root@turtle11 ~]# su smbldap3
su: error while loading shared libraries: libpam.so.0: failed to map segment from shared object: Permission denied


I am not sure what is going on. I referred to many websites and PDFs but couldn't get the proper solution.

please help me.
*
Thanks
Prakash.



--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 10:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org