On 08/01/2010 08:01 AM, Jason Pyeron wrote:
So my hack will not work either... [root@devserver21 ~]# echo 0>/selinux/enforce [root@devserver21 ~]# chroot /var/mnt/192.168.1.52 [root@devserver21 /]# passwd apache passwd: user_u:system_r:initrc_t is not authorized to change the password of apache
How'd you end up in that context? Did you boot to single-user mode?
I only have CentOS 5 on which to test. On the host, root normally logs in to an unconfined domain:
# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t
If I chroot, I'm still unconfined:
# chroot /var/lib/mock/centos-5-x86_64/root/ bash-3.2# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t:s0
... and why you'd be getting SELinux warnings after disabling enforcing mode is odd, too. What to "getenforce" and "setenforce permissive" tell you? Is /selinux actually a mounted filesystem?