Hi all, I installed debian lenny with Xfs as it' s filesystem (in raid-1) and went on to install java (openjdk). This system also has a postgresql database server installation.
I tried to enable selinux by following the steps on this wiki: http://wiki.debian.org/SELinux/Setup However, after step 5 in that sequence, Run check-selinux-installation to check that everything has been setup correctly and to catch common SELinux problems. (Note: old-style-ptys aren't serious.), I got the following message: FSCKFIX is not enabled - not serious, but could prevent system from booting 1) What is causing this and how can I correct it? 2) The next thing I did was to check my syslog. The last part of it says: Feb 6 14:52:48 biserver kernel: [ 91.461220] __ratelimit: 12 messages suppressed Feb 6 14:52:48 biserver kernel: [ 91.461224] type=1401 audit(1265464368.175:41): security_compute_sid: invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:xserver_exec_t:s0 tclass=process Feb 6 14:52:48 biserver kernel: [ 91.716479] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:48 biserver acpid: client connected from 3448[0:0] Feb 6 14:52:50 biserver kernel: [ 93.801395] type=1401 audit(1265464370.515:42): security_compute_sid: invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process Feb 6 14:52:50 biserver kernel: [ 93.817255] type=1401 audit(1265464370.531:43): security_compute_sid: invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process Feb 6 14:52:51 biserver kernel: [ 94.365592] type=1401 audit(1265464371.079:44): security_compute_sid: invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process Feb 6 14:52:51 biserver kernel: [ 94.372334] type=1401 audit(1265464371.087:45): security_compute_sid: invalid context unconfined_u:unconfined_r:xdm_xserver_t:s0 for scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process Feb 6 14:52:52 biserver kernel: [ 95.820411] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:53 biserver kernel: [ 96.392035] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:53 biserver kernel: [ 96.500011] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:53 biserver kernel: [ 97.145973] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:54 biserver kernel: [ 98.193879] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:56 biserver kernel: [ 99.888604] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:56 biserver kernel: [ 100.276146] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:57 biserver kernel: [ 100.549781] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:57 biserver kernel: [ 100.696083] type=1400 audit(1265464377.411:46): avc: denied { search } for pid=2562 comm="dbus-daemon" name="3488" dev=proc ino=13750 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir Feb 6 14:52:57 biserver kernel: [ 100.696128] type=1400 audit(1265464377.411:47): avc: denied { read } for pid=2562 comm="dbus-daemon" name="cmdline" dev=proc ino=13751 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file Feb 6 14:52:57 biserver kernel: [ 100.804317] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:52:57 biserver kernel: [ 101.253089] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:02 biserver kernel: [ 105.743291] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:08 biserver kernel: [ 111.857588] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:08 biserver kernel: [ 111.904995] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:09 biserver kernel: [ 113.069960] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:10 biserver kernel: [ 113.948280] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:34 biserver kernel: [ 137.596125] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:34 biserver kernel: [ 137.620644] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:53:34 biserver kernel: [ 137.772816] SELinux: context unconfined_u:unconfined_r:xdm_xserver_t:s0 is invalid Feb 6 14:56:14 biserver ntpd[3270]: synchronized to 82.94.235.106, stratum 2 I have seen that my system didn' t start xdm, though. I was thrown to the command line. But doing a startx brought my xfce4 desktop in front of me. but how can I enable xdm? And does that have something to do with the errors I' m seeing in syslog? 3) Do I have to load extra policies if I'm planning to install packages like tomcat? How do I accomplish that? Thanks in advanced, Dino
