PDA

View Full Version : FC3 - 2.6.10-1.770_FC3 - Wierdness!



chewymix
5th May 2005, 07:55 PM
Hi

Got a dedicated server at a remote IDC and just done a apt-get dist -upgrade on it - Not sure if it was doing this before but....

When i look in the messages i get lots of this type of stuff...

audit(1115319180.334:0): avc: denied { search } for pid=3639 exe=/usr/bin/nifd name=net dev=proc ino=-268435434 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:proc_net_t tclass=dir

and even odder still i see things like this when doing an ifconfig..

Warning: cannot open /proc/net/dev (Permission denied). Limited output.
Warning: cannot open /proc/net/dev (Permission denied). Limited output.
eth0 Link encap:Ethernet HWaddr 00:0B:6A:48:6E:FC
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.xxx Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Warning: cannot open /proc/net/dev (Permission denied). Limited output.
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1

this is all done as root -

Anyone got any ideas as to what might bt the cause?

thanks

AndyGreen
5th May 2005, 07:57 PM
selinux. There is a way to relabel your whole filesystem, but until you figure that out you might want to disable it

selinux=0

on the kernel commandline.

chewymix
5th May 2005, 08:07 PM
thanks for the tip - you mean pass this to grub on boot? If so and sorry to sound like a newbie, i'm more used to lilo, but how do i do that?

thanks

rpm qa | grep selinux gives me

libselinux-1.19.1-8
libselinux-devel-1.19.1-8

does that look right?

AndyGreen
5th May 2005, 08:10 PM
You can do it as a one-off by pressing 'a' at the grub menu display after the BIOS.

To make it stick, edit /boot/grub/grub.conf and... well, you'll see how it is.

chewymix
5th May 2005, 08:22 PM
thanks again - thats the thing though this is in a remote IDC so i can't press anything on boot ;)

does this look right ? don't wanna mess up and get locked out you see

]# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
selinux=0
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.10-1.770_FC3)
root (hd0,0)
kernel /vmlinuz-2.6.10-1.770_FC3 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.10-1.770_FC3.img
title Fedora Core (2.6.9-1.667)
root (hd0,0)
kernel /vmlinuz-2.6.9-1.667 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.9-1.667.img

thanks heaps!

AndyGreen
5th May 2005, 08:28 PM
No. You need to edit at least the first kernel line to look like this (ie, add selinux=0 to what was there).

kernel /vmlinuz-2.6.10-1.770_FC3 ro root=/dev/VolGroup00/LogVol00 selinux=0

chewymix
5th May 2005, 08:58 PM
great thanks - that worked!