selinux woes, was Re: [SATLUG] swapping 2 HDDs = problems
Travis H.
solinym at gmail.com
Sun Aug 7 11:28:33 CDT 2005
Status report follows.
> >But, when I boot up with the big drive on the secondary controller, it
> >complains about trying to read past the end of the drive. I think I
> >have LVM enabled, and so maybe something in LVM is referencing the big
> >drive as /dev/hda instead of /dev/hdc as it is now.
That is exactly what happens. LVM stores the device name in the
logical extents.
If you have an editor capable of editing a device file, you can change
it directly.
I ended up masking the extra partitions by changing their system ID to AIX.
> offhand, I'd say burn an iso of a live cd (which ever distro has one - I
> have Whax, here - works good)
> then mount the drives and do what you need, rebuild lilo/grub, pull the
> cd out, and boot the machine again.
I tried this. First I tried using "star" to copy the files plus
selinux attributes off the old drive. I had to play around with
shared libraries and it just coredumped all the time. Next I copied
the files over using dump/restore, but they lacked selinux contexts
(the bootable distros I tried don't have selinux enabled -- gee I
wonder why). I am paranoid and wanted to run selinux on this box,
just to gain familiarity with it. Boy did I ever! Basically with
selinux enabled, even in permissive (non-enforcing) mode, I couldn't
write to any file. You see, / had no security contexts, and therefore
I had no permission to do anything under it. I tried *everything*.
With selinux disabled, you cannot edit security contexts. Catch-22.
So basically I had to boot up off the old drive, mount new / as /mnt,
and "chroot /mnt fixfiles relabel" to relabel everything on the new
drive's /. Couple this with problems associated with two drives
having the same labels, and it made for many hours of effort with no
discernable results. I highly recommend it to someone who doesn't
want to accomplish anything and has 6 hours to kill.
--
http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
More information about the SATLUG
mailing list