Selinux installation: Policy Problem, Xorg crashes.

Kernels & Hardware, configuring network, installing services

Selinux installation: Policy Problem, Xorg crashes.

Postby drawable » 2011-10-12 13:42

Hello!

I tried to setup selinux. So I installed
Code: Select all
selinux-basics selinux-policy-default selinux-utils
and activated it with
Code: Select all
selinux-activate
. When i try to check the config i get.
Code: Select all
getfilecon:  getfilecon(/proc/1) failed
SELinux is not enabled.
Could not read the domain of PID 1


Edit: Clearly selinux must be enabled first. However, when i restart, selinux lables my files and i get this error, in xorg.log:

Code: Select all
[    22.767] (WW) file_contexts:  line 0 has invalid context system_u:object_r:seclabel_xproperty_t:s0
[    22.768] SELinux: a property label lookup failed!
[    22.768]
Fatal server error:
[    22.768] SELinux: Failed to set label property on window!
[    22.768]
[    22.768]
Please consult the The X.Org Foundation support
         at http://wiki.x.org
 for help.
[    22.768] Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[    22.768]
[    22.768] (II) AIGLX: Suspending AIGLX clients for VT switch
[    22.784] Server terminated with error (1). Closing log file.


There are two ways for labeling files: the recommendet one, with the
Code: Select all
/.autorelabel
file (through init) and another one by using
Code: Select all
fixfiles relabel
Source: http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-fsrelabel.html. However, Iam not sure, if this is a policy related bug, or a file labeling related bug. This here http://readlist.com/lists/tycho.nsa.gov/selinux/3/16643.html is quite similar, but its from 02.02.2010 and the author said he fixed it (by the way the default policy in wheezy is the same as in sid.
drawable
 
Posts: 4
Joined: 2011-10-12 13:20

Re: Selinux installation: Policy Problem, Xorg crashes.

Postby Revenger » 2011-10-12 22:31

You must have done something wrong. I installed selinux on squeeze, and X, even Gnome worked without problems. (Even through gnome is not configured for selinux use on squeeze).

http://wiki.debian.org/SELinux/Setup
Next time someone says 'Go to hell' to me, I come right here.

Do you need bad help?
Revenger
 
Posts: 383
Joined: 2010-11-16 11:47

Re: Selinux installation: Policy Problem, Xorg crashes.

Postby drawable » 2011-10-14 10:21

Well, i checked the page you mentioned, removed selinux entirely, reinstalled it and configured it according to the page. Still i get the same error. This is strange and i think about asking about this on another forum.

Edit: When i login as root, xorg is not configured. When i check my selinux installation, everything seems fine (no output at all). When i grep for the attribute
Code: Select all
ls -Z -R / | grep system_u:object_r:seclabel_xproperty_t:s0
i dont find it. Now i installed the source and will grep there, than disable it there and hopefully the policy wont be screwed. Could someone check if he has a file with that attribute? Thanks!

P.S.: I am googling for the issue and guess what pops up -- yes, my post.
drawable
 
Posts: 4
Joined: 2011-10-12 13:20

Re: Selinux installation: Policy Problem, Xorg crashes.

Postby drawable » 2011-10-14 17:28

This is from the user mailing list of selinux. I have nothing to add.

> I installed debian wheezy and tried to configure selinux. I followed the
> directions posted in the Debian Wiki [1] and activated selinux through

At this time SE Linux is not expected to work on Wheezy. Bugs have been filed
and I'll fix it as soon as I get time.

Squeeze works pretty well.

If you have some time to contribute to SE Linux development then that would be
great! Otherwise SE Linux on Wheezy is not for you at the moment.


I leave this topic as unsolved, so if someone has this problem too, he/she could contribute (to this topic) and if someone finds a solution to this particular issue he/she knows whom to tell. Thank you.
drawable
 
Posts: 4
Joined: 2011-10-12 13:20

Re: Selinux installation: Policy Problem, Xorg crashes.

Postby masuch » 2012-02-24 21:26

I have exactly the same problem:

$ check-selinux-installation
getfilecon: getfilecon(/proc/1) failed
SELinux is not enabled.
Could not read the domain of PID 1.
/etc/pam.d/login is not SELinux enabled
Postfix init script is syncing the chroots.
Postfix has chrooted service in master.cf
FSCKFIX is not enabled - not serious, but could prevent system from booting...
udev will create nodes not labeled correctly
masuch
 
Posts: 2
Joined: 2012-02-24 21:17

Re: Selinux installation: Policy Problem, Xorg crashes.

Postby BradChesney79 » 2012-12-18 19:36

You can get rid of the FSCKFIX line with this:

vi /etc/default/rcS

----------

#
# /etc/default/rcS
#
# Default settings for the scripts in /etc/rcS.d/
#
# For information about these variables see the rcS(5) manual page.
#
# This file belongs to the "initscripts" package.

# delete files in /tmp during boot older than x days.
# '0' means always, -1 or 'infinite' disables the feature
#TMPTIME=0

# spawn sulogin during boot, continue normal boot if not used in 30 seconds
#SULOGIN=no

# do not allow users to log in until the boot has completed
#DELAYLOGIN=no

# be more verbose during the boot process
#VERBOSE=no

# automatically repair filesystems with inconsistencies during boot
FSCKFIX=yes

---------
BradChesney79
 
Posts: 2
Joined: 2011-09-07 02:12


Return to System configuration

Who is online

Users browsing this forum: Bulkley and 24 guests

fashionable