[Users] Problems with Debian sid VE
Roberto Mello
roberto.mello at gmail.com
Sat Apr 19 13:23:55 EDT 2008
On Thu, Apr 17, 2008 at 2:54 PM, Marcin Owsiany <marcin at owsiany.pl> wrote:
>
> However it's clearly enabled in userspace in the VE, as it tries to
> mount /selinux. Possibly the UID problems are related to that.
That's what I think too, but the hard thing is disabling the thing.
> My gut feeling is that selinux is to blame. I would try to disable
> selinux in the VE.
>
> As one of my colleagues say "If weird shit happens, check selinux."
> Root not being able to read /etc/passwd is a fine example of "weird
> shit" :)
No kidding. The only thing I can find under /etc about selinux is
under init.d/mtab.sh:
init.d/mtab.sh: if selinux_enabled && which restorecon >/dev/null 2>&1
&& [ -r /etc/mtab ]
mtab.sh includes /lib/lsb/init-functions and /lib/init/mount-functions.sh
This latter file checks for selinxu being enabled:
selinux_enabled () {
which selinuxenabled >/dev/null 2>&1 && selinuxenabled
}
selinuxenabled is provided the selinux-utils package. I've created an
/etc/selinux/config disabling selinux, and symlinked to it from
/etc/default/selinux, which is where selinux was enabled/disabled on
etch.
But it still doesnt seem to resolve the issue. Sometimes I can only
get "proper" root after attempting a dpkg -l (which fails) and reading
the contents of /var/lib/dpkg/updates/.
When I run selinuxenabled I get a 1 exit code. And then there's this
(also provided in the selinux-utils package):
I have no name!@o2:/# getsebool
getsebool: SELinux is disabled
But still no go. Anyone who knows SELinux knows what I need to do to
really disable it in a VE?
Thanks,
Roberto
More information about the Users
mailing list