* autorelabel loops in system executed 'semodule -d unconfined'
@ 2018-09-24 21:55 Shintaro Fujiwara
2018-09-24 22:19 ` Shintaro Fujiwara
0 siblings, 1 reply; 4+ messages in thread
From: Shintaro Fujiwara @ 2018-09-24 21:55 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 261 bytes --]
Hello, SELinux.
I was playing with my F28 latest with 'semodle -d unconfined'.
I executed this and relabeling starts even after finished relebeling
and looks like going into the loop.
# touch /.autorelabel
# shtudown -r now
I have attached a picure.
Thanks.
[-- Attachment #2: SELinu_relabel_fails_after_deleting_unconfiled_module.png --]
[-- Type: image/png, Size: 6335 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: autorelabel loops in system executed 'semodule -d unconfined'
2018-09-24 21:55 autorelabel loops in system executed 'semodule -d unconfined' Shintaro Fujiwara
@ 2018-09-24 22:19 ` Shintaro Fujiwara
2018-09-25 13:46 ` Dominick Grift
0 siblings, 1 reply; 4+ messages in thread
From: Shintaro Fujiwara @ 2018-09-24 22:19 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 1420 bytes --]
Hi, SELinux.
I captured a picture saying this.
rm: cannot remove '/.autorelabel' : Permission denied
/.autorelabel could not be removed, so going into the loop, I guess.
How can I autorelabel properly even if I delete unconfined module?
Thanks.
2018年9月25日(火) 6:55 Shintaro Fujiwara <shintaro.fujiwara@gmail.com>:
>
> Hello, SELinux.
>
> I was playing with my F28 latest with 'semodle -d unconfined'.
> I executed this and relabeling starts even after finished relebeling
> and looks like going into the loop.
> # touch /.autorelabel
> # shtudown -r now
>
> I have attached a picure.
>
> Thanks.
--
Help analyzing sar file
https://github.com/intrajp/sar-analyzer
LFS Scripts will make Linux From Scratch easy
https://github.com/intrajp/LFS-scripts-systemd
SHIRASAGI-hardening Project
https://github.com/intrajp/shirasagi-hardening
Linux Distribution Project
http://sourceforge.net/projects/pinkrabbitlinux/
Introducing hardrock and heavymetal
http://heavymetalhardrock.no-ip.info/
Open Source Software to manage SELinux at ease
http://sourceforge.net/projects/segatex/
Help SELinux administration
https://github.com/intrajp/segatex-ng
network-magic ( Useful tool for network-administrators )
https://github.com/intrajp/network-magic
CMS(with PHP & PostgreSQL)
http://sourceforge.net/projects/webon/
https://github.com/intrajp/irforum_jp
[-- Attachment #2: SELinu_relabel_fails_after_deleting_unconfiled_module_2.png --]
[-- Type: image/png, Size: 19292 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: autorelabel loops in system executed 'semodule -d unconfined'
2018-09-24 22:19 ` Shintaro Fujiwara
@ 2018-09-25 13:46 ` Dominick Grift
2018-09-26 11:05 ` Shintaro Fujiwara
0 siblings, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2018-09-25 13:46 UTC (permalink / raw)
To: Shintaro Fujiwara; +Cc: selinux
[-- Attachment #1: Type: text/plain, Size: 2143 bytes --]
On Tue, Sep 25, 2018 at 07:19:23AM +0900, Shintaro Fujiwara wrote:
> Hi, SELinux.
>
> I captured a picture saying this.
>
> rm: cannot remove '/.autorelabel' : Permission denied
>
> /.autorelabel could not be removed, so going into the loop, I guess.
>
> How can I autorelabel properly even if I delete unconfined module?
This may or may not be a policy issue (see avc denials), but:
Generally you want to do a full relabel in permissive mode.
>
> Thanks.
> 2018年9月25日(火) 6:55 Shintaro Fujiwara <shintaro.fujiwara@gmail.com>:
> >
> > Hello, SELinux.
> >
> > I was playing with my F28 latest with 'semodle -d unconfined'.
> > I executed this and relabeling starts even after finished relebeling
> > and looks like going into the loop.
> > # touch /.autorelabel
> > # shtudown -r now
> >
> > I have attached a picure.
> >
> > Thanks.
>
>
>
> --
> Help analyzing sar file
> https://github.com/intrajp/sar-analyzer
>
> LFS Scripts will make Linux From Scratch easy
> https://github.com/intrajp/LFS-scripts-systemd
>
> SHIRASAGI-hardening Project
> https://github.com/intrajp/shirasagi-hardening
>
> Linux Distribution Project
> http://sourceforge.net/projects/pinkrabbitlinux/
>
> Introducing hardrock and heavymetal
> http://heavymetalhardrock.no-ip.info/
>
> Open Source Software to manage SELinux at ease
> http://sourceforge.net/projects/segatex/
>
> Help SELinux administration
> https://github.com/intrajp/segatex-ng
>
> network-magic ( Useful tool for network-administrators )
> https://github.com/intrajp/network-magic
>
> CMS(with PHP & PostgreSQL)
> http://sourceforge.net/projects/webon/
> https://github.com/intrajp/irforum_jp
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: autorelabel loops in system executed 'semodule -d unconfined'
2018-09-25 13:46 ` Dominick Grift
@ 2018-09-26 11:05 ` Shintaro Fujiwara
0 siblings, 0 replies; 4+ messages in thread
From: Shintaro Fujiwara @ 2018-09-26 11:05 UTC (permalink / raw)
To: selinux
Hello, Dominick.
I could relabel the system in permissive mode.
Thank you.
2018年9月25日(火) 22:46 Dominick Grift <dac.override@gmail.com>:
>
> On Tue, Sep 25, 2018 at 07:19:23AM +0900, Shintaro Fujiwara wrote:
> > Hi, SELinux.
> >
> > I captured a picture saying this.
> >
> > rm: cannot remove '/.autorelabel' : Permission denied
> >
> > /.autorelabel could not be removed, so going into the loop, I guess.
> >
> > How can I autorelabel properly even if I delete unconfined module?
>
> This may or may not be a policy issue (see avc denials), but:
>
> Generally you want to do a full relabel in permissive mode.
>
> >
> > Thanks.
> > 2018年9月25日(火) 6:55 Shintaro Fujiwara <shintaro.fujiwara@gmail.com>:
> > >
> > > Hello, SELinux.
> > >
> > > I was playing with my F28 latest with 'semodle -d unconfined'.
> > > I executed this and relabeling starts even after finished relebeling
> > > and looks like going into the loop.
> > > # touch /.autorelabel
> > > # shtudown -r now
> > >
> > > I have attached a picure.
> > >
> > > Thanks.
> >
> >
> >
> > --
> > Help analyzing sar file
> > https://github.com/intrajp/sar-analyzer
> >
> > LFS Scripts will make Linux From Scratch easy
> > https://github.com/intrajp/LFS-scripts-systemd
> >
> > SHIRASAGI-hardening Project
> > https://github.com/intrajp/shirasagi-hardening
> >
> > Linux Distribution Project
> > http://sourceforge.net/projects/pinkrabbitlinux/
> >
> > Introducing hardrock and heavymetal
> > http://heavymetalhardrock.no-ip.info/
> >
> > Open Source Software to manage SELinux at ease
> > http://sourceforge.net/projects/segatex/
> >
> > Help SELinux administration
> > https://github.com/intrajp/segatex-ng
> >
> > network-magic ( Useful tool for network-administrators )
> > https://github.com/intrajp/network-magic
> >
> > CMS(with PHP & PostgreSQL)
> > http://sourceforge.net/projects/webon/
> > https://github.com/intrajp/irforum_jp
>
>
> > _______________________________________________
> > Selinux mailing list
> > Selinux@tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> > To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
>
>
> --
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-09-26 11:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-24 21:55 autorelabel loops in system executed 'semodule -d unconfined' Shintaro Fujiwara
2018-09-24 22:19 ` Shintaro Fujiwara
2018-09-25 13:46 ` Dominick Grift
2018-09-26 11:05 ` Shintaro Fujiwara
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).