LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-29-2009, 05:43 AM   #1
takayama
Member
 
Registered: Sep 2009
Posts: 97

Rep: Reputation: 0
Selinux strict mode


I have just started to run selinux. When i tested the strict polict with enforcing mode i got this error.
Init: cannot execute "/etc/rc.d/rc.sysinit"
init:entering runlevel: 3
Init: cannot execute "/etc/rc.d/rc"
Init: id "1" respawing to fast: disabled for 5 minutes
Init: id "2" respawing to fast: disabled for 5 minutes
Init: id "3" respawing to fast: disabled for 5 minutes
Init: id "4" respawing to fast: disabled for 5 minutes
Init: id "5" respawing to fast: disabled for 5 minutes

Im running centos 5.3
 
Old 09-29-2009, 06:43 AM   #2
deadeyes
Member
 
Registered: Aug 2006
Posts: 609

Rep: Reputation: 79
Quote:
Originally Posted by takayama View Post
I have just started to run selinux. When i tested the strict polict with enforcing mode i got this error.
Init: cannot execute "/etc/rc.d/rc.sysinit"
init:entering runlevel: 3
Init: cannot execute "/etc/rc.d/rc"
Init: id "1" respawing to fast: disabled for 5 minutes
Init: id "2" respawing to fast: disabled for 5 minutes
Init: id "3" respawing to fast: disabled for 5 minutes
Init: id "4" respawing to fast: disabled for 5 minutes
Init: id "5" respawing to fast: disabled for 5 minutes

Im running centos 5.3
Maybe some labeling that is wrong?
What do you get when doing ls -Z /etc/rc.d/rc.sysinit ?
There is a way to relabel your filesystem.
Try a google search for it. I think that is your problem. Because you dont have access, the script exits immediately and respawns (as is configured in /etc/inittab I think). THere is a safety build in to wait if respawn is to fast.

I have this for that script:
-rwxr-xr-x root root system_ubject_r:initrc_exec_t /etc/rc.d/rc.sysinit

Last edited by deadeyes; 09-29-2009 at 06:46 AM.
 
Old 09-29-2009, 06:50 AM   #3
takayama
Member
 
Registered: Sep 2009
Posts: 97

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by deadeyes View Post
Maybe some labeling that is wrong?
What do you get when doing ls -Z /etc/rc.d/rc.sysinit ?
There is a way to relabel your filesystem.
Try a google search for it. I think that is your problem. Because you dont have access, the script exits immediately and respawns (as is configured in /etc/inittab I think). THere is a safety build in to wait if respawn is to fast.

I have this for that script:
-rwxr-xr-x root root system_ubject_r:initrc_exec_t /etc/rc.d/rc.sysinit

mine /etc/rc.d/rc.sysinit looks exactly the same.
 
Old 09-29-2009, 09:56 AM   #4
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Quote:
Originally Posted by takayama View Post
mine /etc/rc.d/rc.sysinit looks exactly the same.
Can you please provide more information and some info from the logs. Did you install the strict policy via yum?
What errors are the logs showing? /var/log/messages /var/log/audit/audit.log


Do you know if the system relabeled after the new policy?



to force a relabel


'touch /.autorelabel' then reboot
or
'fixfiles relabel' to relabel a live system

what is audit2why or audit2allow showing?

audit2allow -d

audit2allow -i < /var/log/audit/audit.log

For future reference the more infomation you can provide the easier it is to help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH login keeps failing, saying that "strict" mode is on. ...It isn't lumix Linux - Software 3 12-17-2008 05:23 PM
httpd access with selinux enforce mode, restriction issues. rajnishmishra Linux - Security 3 08-19-2008 03:46 PM
Kernel Panic -- Selinux Strict mode rather than targeted mode Peter_APIIT Fedora 2 07-06-2007 02:23 AM
fc6 selinux - strict vs targeted dansawyer Linux - Security 2 02-07-2007 03:59 PM
cannot edit fstab in SELinux active mode eldraque Fedora 1 01-19-2006 03:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration