On 1/7/2012 6:25 PM, Gordon Messmer wrote:
> On 01/06/2012 01:36 AM, Bennett Haselton wrote:
>> So I still don't know: after creating /.autorelabel (and verifying that
>> it's there), and rebooting the system (and then verifying that the
>> /.autorelabel file has been deleted, which is supposed to mean the
>> auto-relabel actually happened), why am I still seeing the file type
>> listed as file_t?
> Either SELinux is disabled or your filesystem doesn't support extended
> attributes.

[root at g6950-21025 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 21
Policy from config file: targeted

(same thing happens if I switch to "enforcing", although then things start
breaking instead of logging warnings)

> Check /proc/cmdline to see if the kernel was instructed to disable
> SELinux

[root at g6950-21025 ~]# cat /proc/cmdline
ro root=/dev/sys-0n1f/root

Not sure what that means but I assume it doesn't force SELinux to be
disabled.

> and check /etc/sysconfig/selinux.

[root at g6950-21025 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
[root at g6950-21025 ~]#

Note: SELinux is logging warnings (while in permissive mode) to
/var/log/audit/audit.log whenever httpd interacts with one of the files
like /tmp/hostname_SKYSLICE.INFO . Presumably that means it's not
disabled; SELinux is on, but the file still hasn't been relabeled.

> Check /proc/mounts to see what filesystem type your system is using.

[root at g6950-21025 ~]# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/root / ext3 rw,data=ordered 0 0
/dev /dev tmpfs rw 0 0
/proc /proc proc rw 0 0
/sys /sys sysfs rw 0 0
none /selinux selinuxfs rw 0 0
/proc/bus/usb /proc/bus/usb usbfs rw 0 0
devpts /dev/pts devpts rw 0 0
/dev/sys-0n1f/vartmp /var/tmp ext3 rw,nosuid,noexec,data=ordered 0 0
/dev/sys-0n1f/tmp /tmp ext3 rw,nosuid,noexec,data=ordered 0 0
/dev/sda1 /boot ext3 rw,data=ordered 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
/etc/auto.misc /misc autofs rw,fd=7,pgrp=2217,timeout=300,minproto=5,maxproto=5,indirect 0 0
-hosts /net autofs rw,fd=13,pgrp=2217,timeout=300,minproto=5,maxproto=5,indirect 0 0

> Use "tune2fs -l" to see if an ext3/4 filesystem has the "user_xattr" option.

In the output above,
/dev/root
/dev/sys-0n1f/vartmp
/dev/sys-0n1f/tmp
/dev/sda1
were all listed as ext3, and when I ran "tune2fs -l" on each of them, the
output included the line
Default mount options: user_xattr acl

Bennett
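
The checks suggested in the quoted reply, collected as shell functions (an added example, not part of the original message). The sample files are constructed from the output shown above; selinux=0 is the kernel boot parameter that the /proc/cmdline check looks for, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: the suggested checks as functions.
# Each takes a file path so it can run on saved copies of the real files.

# Succeeds if the kernel command line contains selinux=0.
cmdline_disables_selinux() {
    tr ' ' '\n' < "$1" | grep -qx 'selinux=0'
}

# Prints the SELINUX= value from the config file; comment lines and
# SELINUXTYPE= do not match.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Prints the filesystem type at mount point $1 in mounts file $2. The last
# matching entry wins, which skips the initial "rootfs" line for /.
fstype_of() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' "$2"
}

# Reads "tune2fs -l" output on stdin; succeeds if option $1 is listed on
# the "Default mount options:" line.
default_opts_include() {
    awk -F: -v opt="$1" '/^Default mount options:/ {
        n = split($2, a, " "); for (i = 1; i <= n; i++) if (a[i] == opt) ok = 1
    } END { exit !ok }'
}

# Sample inputs, constructed from the output quoted in the message above.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
echo 'ro root=/dev/sys-0n1f/root' > "$d/cmdline"
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$d/selinux"
printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/root / ext3 rw,data=ordered 0 0' \
    '/dev/sys-0n1f/tmp /tmp ext3 rw,nosuid,noexec,data=ordered 0 0' > "$d/mounts"
echo 'Default mount options:    user_xattr acl' > "$d/tune2fs"

if cmdline_disables_selinux "$d/cmdline"; then echo "cmdline: selinux=0"
else echo "cmdline: no selinux=0"; fi
echo "config: SELINUX=$(config_mode "$d/selinux")"
echo "/tmp is $(fstype_of /tmp "$d/mounts")"
default_opts_include user_xattr < "$d/tune2fs" && echo "user_xattr is a default mount option"
```

On a live system, pass /proc/cmdline, /etc/sysconfig/selinux and /proc/mounts as the file arguments and pipe "tune2fs -l" for the device into default_opts_include.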