I'm getting a SELinux warning when trying to start a perl daemon (bigsister) that I installed on a fresh CentOS 4.2 system and the start fails (there is nothing else logged, I cannot be sure that this is the fail reason but I assume it). However, SELinux is set to permissive mode, isn't permissive mode meant to only issue warnings and not block anything? So, as a first workaround I tried disabling SELinux, but this doesn't work either, I still get the warning which should not happen at all if disabled.
cat /selinux/enforce shows "0" (= not enforced). I disabled it by setting SELINUX=disabled in /etc/sysconfig/selinux (which symlinks to /etc/selinux). Yes, I rebooted with each try.
The unofficial SELinux FAQ at http://www.crypt.gen.nz/selinux/faq.html says to add a kernel parameter to grub.conf for completely disabling it. However, that's not what I want. I want to disable it by "normal" means (or preferably set it to *real* permissive mode). What am I doing wrong?
Kai
hi kai,
while in permissive mode, selinux just reports policy violations of the avc .. but doesn't block the action.
the symlink in /etc/sysconfig should point to /etc/selinux/config and not to /etc/syslinux ..
if selinux is disabled, /selinux/enforce does not exist.
what does the output of `getenforce` tell you ??
btw: are you sure that selinux is the problem ??
Sebastian Schubert wrote on Mon, 30 Jan 2006 20:36:56 +0100:
> while in permissive mode, selinux just reports policy violations of the avc .. but doesn't block the action.
That is what I thought.
> the symlink in /etc/sysconfig should point to /etc/selinux/config and not to /etc/syslinux ..
Ooops, I accidentally copied the selinux file that I got from /etc/sysconfig/selinux to /etc/selinux after I saw that it's a symlink. I overlooked that the name is config, not selinux. Thanks!
> what does the output of `getenforce` tell you ??
getenforce says Permissive, which makes sense now, since config still shows Permissive.
> btw: are you sure that selinux is the problem ??
As I said: no, but I can only rule it out for sure if I disable it. There is no other error output and SELinux preventing the server from su'ing to a non-root user would indeed make it fail.
Thanks so far, I'm now going to disable it.
Kai
Kai Schaetzl wrote on Mon, 30 Jan 2006 21:33:05 +0100:
> That is what I thought.
Great, with the directive in the correct file it works now, I was able to rule out that SELinux was the culprit.
Kai
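The mix-up resolved in this thread (a SELINUX= directive sitting in a file next to /etc/selinux/config instead of in it) can be checked for with a few shell functions. This is an added example, not part of the original messages; the function names are hypothetical, and the default paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the checks can
# run against a constructed tree; the defaults are the paths named in the thread.

# Print the SELINUX= value from a file, lowercased (SELINUXTYPE= is ignored).
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" 2>/dev/null |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Runtime mode from the selinuxfs enforce file: 1 enforcing, 0 permissive;
# if the file does not exist, SELinux is disabled.
runtime_mode() {
    [ -e "$1" ] || { echo disabled; return 0; }
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# List files next to the real config that also carry a SELINUX= directive.
# In the thread, the directive only took effect once it was in "config",
# so a copy under another name changes nothing.
stray_configs() {
    dir=$(dirname "$1")
    for f in "$dir"/*; do
        [ -f "$f" ] && [ "$f" != "$1" ] || continue
        [ -n "$(configured_mode "$f")" ] && echo "$f"
    done
    return 0
}

# Summarize: does the sysconfig symlink resolve to the real config, and
# what do the config file and the running kernel each report?
selinux_report() {
    link=${1:-/etc/sysconfig/selinux}
    config=${2:-/etc/selinux/config}
    enforce=${3:-/selinux/enforce}
    if [ "$(readlink -f "$link")" = "$(readlink -f "$config")" ]; then
        target=ok
    else
        target=mismatch
    fi
    echo "link=$target config=$(configured_mode "$config") runtime=$(runtime_mode "$enforce")"
}
```

After sourcing the file, `selinux_report` and `stray_configs /etc/selinux/config` with no further arguments check the live system paths.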