Wednesday, January 13, 2010

SELinux Issues

I had a few issues on a CentOS box today that I upgraded from 4 to 5. Syslog wouldn’t start if SELinux was in enforcing mode. I had to do a filesystem-wide relabel to get it all working. It was pretty straightforward to do, but here was the procedure that worked for me.

  1. First make sure SELinux is up to date with a yum update
  2. Put SELinux into Permissive mode (setenforce 0)
  3. Now set it so that it won’t turn on after a reboot by editing /etc/selinux/config and setting the line SELINUX=permissive
  4. Reboot (not sure this is required but I did)
  5. Set the system to autorelabel (touch /.autorelabel)
  6. Now reboot again (this one is required and it may take a little while if you’ve got a big filesystem)
  7. Now run setenforce 1 and edit /etc/selinux/config and set it back to SELINUX=enforcing

That was pretty much it. A “service syslog restart” got it all going again. 
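The config edits from steps 3 and 7, plus a check that the relabel from step 6 has finished before going back to enforcing, as an added example that is not part of the original post. The function names and the scratch directory standing in for / are assumptions, and the check relies on the boot-time relabel removing /.autorelabel when it completes.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
# Each helper takes a path so it can be tried on a copy before the real file.

# Print the active SELINUX= value; fail unless exactly one such line exists.
# Anchoring on ^SELINUX= skips comment lines and the SELINUXTYPE= line.
selinux_config_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ "$(grep -c '^SELINUX=' "$cfg" 2>/dev/null)" = 1 ] || return 1
    sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "$cfg"
}

# Steps 3 and 7: rewrite only the active SELINUX= line, and refuse anything
# but the three values the file accepts (a typo here is read at next boot).
set_selinux_config_mode() {
    mode="$1"; cfg="${2:-/etc/selinux/config}"
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    selinux_config_mode "$cfg" >/dev/null || return 3
    tmp="$(mktemp)" || return 4
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg" > "$tmp" &&
        cat "$tmp" > "$cfg"    # write in place: keeps inode, owner, label
    rc=$?; rm -f "$tmp"; return $rc
}

# Step 6: the flag file is removed when the boot-time relabel finishes,
# so a flag that is still present means the relabel has not completed.
relabel_pending() { [ -e "${1:-}/.autorelabel" ]; }

# Gate for step 7: relabel done and config still at the permissive stage.
ready_for_enforcing() {
    root="${1:-}"
    relabel_pending "$root" && { echo "relabel still pending" >&2; return 1; }
    [ "$(selinux_config_mode "$root/etc/selinux/config")" = permissive ]
}

# Constructed demo: a scratch root stands in for /, so nothing real changes.
demo_root="$(mktemp -d)"; mkdir -p "$demo_root/etc/selinux"
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$demo_root/etc/selinux/config"
: > "$demo_root/.autorelabel"                      # step 5
ready_for_enforcing "$demo_root" || echo "not yet: relabel flag present"
rm -f "$demo_root/.autorelabel"                    # what the relabel boot does
ready_for_enforcing "$demo_root" &&
    set_selinux_config_mode enforcing "$demo_root/etc/selinux/config"
selinux_config_mode "$demo_root/etc/selinux/config"
rm -rf "$demo_root"
```

On a real system the functions would be called with no path arguments, as root, alongside the setenforce commands from the steps above.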

I’m still learning about SELinux.  Here is a great PowerPoint on it.

Enjoy.
