Selinux & POLA

Selinux is crap.Sorry redhat fun boys but its true.Not even in redhat’s documentation doesnt have enough info.

via E.Balaskas

My own experience with SELinux today? A Virtual Machine with a forgotten root password. OK, that’s easy, boot in single user mode, type passwd(1), enter the new root password, reboot. I mean the process is documented in a shitload of pages (example) and has been working like that since … I don’t know 1996? Should be a piece of cake, right?

NOOOOOOOOOOOOOOOOO!

You see this is SELinux. There are procedures to follow, “passwd root” just won’t work in single user mode and will exit immediately without a prompt. A well-defined procedure that has been working for ages is now broken. Oh well …


# echo 0 >/selinux/enforce
# passwd root
Changing password for user root.
New password:

Oh-well I am fairly certain that there is one out of more than a billion parallel universes where SELinux just works. Just one though.

References: POLA

Advertisements

Tags: , ,

4 Responses to “Selinux & POLA”

  1. athaks Says:

    How so UNTRUE!!!!

    You don’t need to echo 0 > /selinux/enforce

    You just follow the procedure like you used to

    Just double-checked in on a CentOS 6

  2. mperedim Says:

    Your assumption that I talked about CentOS 6 is misguided to say the least.

    FWIW this was on an Oracle Enterprise Linux 6. Not that it really matters, this was just an example of the many things that have gone wrong with SELinux over the years

  3. Sotiris Tsimbonis Says:

    This has been fixed in selinux-policy-3.7.19-58.el6. https://bugzilla.redhat.com/show_bug.cgi?id=639083
    Now wait for OEL to pick it up, or use vi /etc/shadow next time (this method works since the beginning of unix time) 🙂

  4. mperedim Says:

    On spot Sotiris; thanks for the insight.

    Regarding the “/etc/shadow”: 8 months of absence at the greek army have made me a little bit rusty (I’ve used it so many times on Solaris that I should have remembered it ;))

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: