Oded Arbel wrote:
I was stressed for time and really didn't feel like running the gauntlet
again, so under the assumption that it did most of the installation
already, I booted the machine.
Good decision. There's nothing mysterious about a Linux system -- you
can know it down to the bare bones, and the setup process shouldn't be
different.
Looking at /var/log/messages, I found this:
Oct 27 20:18:03 x-23 kernel: audit(1161973062.936:52): avc: denied
{ read } for pid=1583 comm="swapon" name="fstab" dev=dm-0 ino=5537800
scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
It looks like SELinux (which is enable by default on Fedora Core) is
preventing swapon from accessing /etc/fstab. Any idea why or how to fix
that ?
fstab should have context "user_u:object_r:etc_runtime_t", while on your
system it has context "system_u:object_r:file_t:s0". This will probably
be solved easily by relabeling the filesystem, which'll apply the
security contexts which your SELinux policy expects.
See
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/rhlcommon-section-0068.html
(section "5.2.2. Relabel a File System").
(Yes, this process takes some good 10 minutes, so be patient.)
I assume that generally preventing access to /etc/fstab is
something that I want to do, just not during system startup and not to
swapon.
Actually, that's something I'd want to deny only services which really
don't need it, since reading the fstab is a common operation for so many
programs.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
