FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 06-10-2008, 03:35 PM
"prakash hallalli"
 
Default Fwd: :- MLS policy problem when manully restart the servers .

Hi
I have followed the same steps what you are given the information to change the libc.so.6 file label. Now user will be able to login to the system it not showing any error message while login time. But still i am not able do system restart services. Now it showing error message is* unrecognized service.



I have received the following error messages.

[root@turtle11 ~]# sestatus
SELinux status:***************** enabled
SELinuxfs mount:*************** /selinux
Current mode:******************** permissive


Mode from config file:********* enforcing
Policy version:******************* 21
Policy from config file:******** mls

[root@turtle11 ~]# service nfs restart

Shutting down NFS mountd:********************************** [* OK* ]

Shutting down NFS daemon:********************************* [* OK* ]
Shutting down NFS quotas:*********************************** [ OK* ]
Shutting down NFS services:********************************* [* OK* ]

Starting NFS services:***************************************** * [* OK* ]

Starting NFS quotas:******************************************* ** [* OK* ]
Starting NFS daemon:******************************************* [* OK* ]
Starting NFS mountd:******************************************* * [* OK* ]



[root@turtle11 ~]# setenforce 1
[root@turtle11 ~]# sestatus
SELinux status:*************** ** enabled
SELinuxfs mount:************** * /selinux
Current mode:********************* enforcing

Mode from config file:********** enforcing

Policy version:******************** 21
Policy from config file:********* mls

[root@turtle11 ~]# service nfs restart
nfs: unrecognized service

[root@turtle11 ~]# service ldap restart

ldap: unrecognized service


[root@turtle11 ~]# service samba restart
samba: unrecognized service

[root@turtle11 ~]# service named restart
named: unrecognized service
[root@turtle11 ~]#

Please help me, what should i do.



Thanks,
prakash



*

On Tue, Jun 10, 2008 at 5:37 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:




On Tue, 2008-06-10 at 17:14 +0530, prakash hallalli wrote:

> Hi All

>

> I have configured SELinux on ContOS 5.1. I have configured the RBAC

> using MLS (Multilevel Security) Policy.

> Now i am trying to restart the system services and they are not

> restarting and it is throwing some error message.

> I have a question here, with mls policy enabled will i be able to

> restart the system service? If yes then what to do and If no what is

> the reason?

>

> Steps to reproduce:

>

> 1) MLS Policy configuration.

>

> 1. Install selinux-policy-mls

> 2. Set SELINUXTYPE=MLS in /etc/selinux/config file

> 3. touch ./autorelabel; on root's home directory, and reboot the

> machine.

> 4. While machine is rebooting, change the GRUB parameter.

> enforcing=0

>

> 2) Now system is in permissive mode and SELinux status is as follows.

>

> # sestatus

> SELinux status: * * * * * * * * enabled

> SELinuxfs mount: * * * * * * * /selinux

> Current mode: * * * * * * * * * *permissive

> Mode from config file: * * * *enforcing

> Policy version: * * * * * * * * *21

> policy from config file: * * * *mls

>

> 3) Restart the system services and they restart successfully.

>

> [root@turtle11 ~]# service nfs restart

> Shutting down NFS mountd: * * * * * * * * * * * * * * * * * [FAILED]

> Shutting down NFS daemon: * * * * * * * * * * * * * * * * *[FAILED]

> Shutting down NFS quotas: * * * * * * * * * * * * * * * * * *[FAILED]

> Shutting down NFS services: * * * * * * * * * * * * * * * * *[FAILED]

> Starting NFS services: * * * * * * * * * * * * * * * * * * * * * [

> OK *]

> Starting NFS quotas: * * * * * * * * * * * * * * * * * * * * * * [

> OK *]

> Starting NFS daemon: * * * * * * * * * * * * * * * * * * * * * [

> OK *]

> Starting NFS mountd: * * * * * * * * * * * * * * * * * * * * * *[

> OK *]

>

> 4) Now i am setting enforcing mode using setenforce command.

>

> root@turtle11 ~]#setenforce 1

> root@turtle11 ~]# sestatus

> SELinux status: * * * * * * enabled

> SELinuxfs mount: * * * * */selinux

> Current mode: * * * * * * * enforcing

> Mode from config file: * *enforcing

> Policy version: * * * * * * *21

> Policy from config file: * mls

>

> 5) a) Now system is in enforcing mode and i am trying to restart the

> system service. The restart will result in error message.

>

> root@turtle11 ~]#service nfs restart

> /sbin/consoletype: error while loading shared libraries: libc.so.6:

> cannot open shared object *file: No such file or directory

> /sbin/consoletype: error while loading shared libraries: libc.so.6:

> cannot open shared object file: No such file or directory



This suggests that libc.so.6 has the wrong label. *In older versions of

the policy, this was a difference between targeted and strict/mls

policies. *Boot in single-user mode and run fixfiles -F relabel.



> nfs: unrecognized service

>

> b) When I trying to login it will show the following error.

>

> turtle login: smbldap3

> /bin/login:error while loading shared libraries: libcrypt.so.1:failed

> to map segment from shared object: Permission denied

> /sbin/mingetty: error while loading shared libraries: libc.so.6:

> failed to map segment from shared object: Permission denied

>

> c) When using su command.

>

> root@turtle11 ~]# su smbldap3

> su: error while loading shared libraries: libpam.so.0: failed to map

> segment from shared object: Permission denied

>

> I am not sure what is going on. I referred to many websites and PDFs

> but couldn't get the proper solution.

>

> please help me.

>

> Thanks

> Prakash.

>

>

> --

> fedora-selinux-list mailing list

> fedora-selinux-list@redhat.com

> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--

Stephen Smalley

National Security Agency







--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 10:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org