For the most part, I just used this blog article BackupPC on CentOS 5 (selinux fix) but I had a few issues between the two servers so I'm documenting that.
CentOS5
CentOS 5 didn't have the semodule command. So...# yum install selinux*
And then create a source policy module...
# grep httpd /var/log/audit/audit.log | audit2allow -m backuppc > backuppc.te
And then build the policy module...
# grep httpd /var/log/audit/audit.log | audit2allow -M backuppc
And finally, install the module...
# semodule -i backuppc.pp
After that, I turned on SELinux=enforcing at the command line and edited the /etc/selinux/conf to default to enforcing.
# setenforce 1
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
CentOS 6
CentOS 6 also needed to have all of the SELinux tools installed (I think). However, when I tried the exact same things as above, the semodule command gave an error:Tried to link in a non-MLS module with an MLS base
After some searching I found that I needed to run system-config-selinux which is a GUI (no system-config-selinux-tui I could find).
Here, I was expecting to see MLS instead of targeted. Not sure why, but it was already toggled to the correct setting. (So why does it think it's MLS?) So, I checked the box to "Relabel on next reboot" and rebooted. I was a little afraid of this because it said it could take a long time if you had a large filesystem and this had already used about 23% of 3TB. It was probably done well under 20 minutes (by the time I tried it again) and it worked!
1 comment:
restorecon -r -v -F /home/myhome/.ssh was also pretty handy!
Post a Comment