SELinux is crap. Sorry Red Hat fun boys, but it's true. Not even Red Hat's documentation has enough info.
via E.Balaskas
My own experience with SELinux today? A Virtual Machine with a forgotten root password. OK, that’s easy, boot in single user mode, type passwd(1), enter the new root password, reboot. I mean the process is documented in a shitload of pages (example) and has been working like that since … I don’t know 1996? Should be a piece of cake, right?
NOOOOOOOOOOOOOOOOO!
You see this is SELinux. There are procedures to follow, “passwd root” just won’t work in single user mode and will exit immediately without a prompt. A well-defined procedure that has been working for ages is now broken. Oh well …
# echo 0 >/selinux/enforce
# passwd root
Changing password for user root.
New password:
Oh-well I am fairly certain that there is one out of more than a billion parallel universes where SELinux just works. Just one though.
References: POLA
July 21, 2011 at 4:28 pm
How so UNTRUE!!!!
You don’t need to echo 0 > /selinux/enforce
You just follow the procedure like you used to
Just double-checked in on a CentOS 6
July 21, 2011 at 6:53 pm
Your assumption that I talked about CentOS 6 is misguided to say the least.
FWIW this was on an Oracle Enterprise Linux 6. Not that it really matters, this was just an example of the many things that have gone wrong with SELinux over the years.
July 21, 2011 at 10:35 pm
This has been fixed in selinux-policy-3.7.19-58.el6. https://bugzilla.redhat.com/show_bug.cgi?id=639083
Now wait for OEL to pick it up, or use vi /etc/shadow next time (this method works since the beginning of unix time)
July 22, 2011 at 9:34 pm
On spot Sotiris; thanks for the insight.
Regarding the “/etc/shadow”: 8 months of absence at the Greek army have made me a little bit rusty (I’ve used it so many times on Solaris that I should have remembered it).