Wednesday, January 13, 2010

SELinux Issues

I had a few issues on a CentOS box today that I upgraded from 4 to 5.  Syslog wouldn’t start if SELinux was in enforcing mode.  I had to do a filesystem-wide relabel to get it all working.  It was pretty straight forward to do but here was the procedure that worked for me.

  1. First make sure SELinux is up to date with a yum update
  2. Put SELinux into Permissive mode (setenforce 0)
  3. Now set it so that it won’t turn on after a reboot by editing /etc/selinux/config and setting the line SELINUX=permissive
  4. reboot (not sure this is required but I did)
  5. set the system to autorelabel (touch /.autorelabel)
  6. now reboot again (this one is required and it may take a little while if you’ve got a big filesystem)
  7. now run setenforce 1 and edit /etc/selinux/config and set it back to SELINUX=enforcing

That was pretty much it. A “service syslog restart” got it all going again. 

I’m still learning about SELinux.  Here is a great PowerPoint on it.


No comments: