On 08/01/2010 08:01 AM, Jason Pyeron wrote: > So my hack will not work either... > [root at devserver21 ~]# echo 0>/selinux/enforce > [root at devserver21 ~]# chroot /var/mnt/192.168.1.52 > [root at devserver21 /]# passwd apache > passwd: user_u:system_r:initrc_t is not authorized to change the password of > apache How'd you end up in that context? Did you boot to single-user mode? I only have CentOS 5 on which to test. On the host, root normally logs in to an unconfined domain: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t If I chroot, I'm still unconfined: # chroot /var/lib/mock/centos-5-x86_64/root/ bash-3.2# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t:s0 ... and why you'd be getting SELinux warnings after disabling enforcing mode is odd, too. What to "getenforce" and "setenforce permissive" tell you? Is /selinux actually a mounted filesystem?