Hi,
I ran a yum update and it did update but got this message that I don't understand:
qscand homedir /var/spool/qscan or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account.
If it is a system account please make sure its login shell is /sbin/nologin.
I'm the only one who can login to shell, not any of my customers.
Is there something I need to change?
selinux conflict
-
- Forum User
- Posts: 60
- Joined: Mon Jul 23, 2012 5:22 am
- Location: Salisbury
Re: selinux conflict
Hello
I seem to be having a similar problem. Doing the updates in yum today
after updating
selinux-policy noarch 2.4.6-338.el5 base 432 k
got the following: (plus a lot more similar about different domains)
qscand homedir /var/spool/qscan or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
I haven't found any issue on the server yet but was wondering what it means and if it can cause problems.
thanks
I seem to be having a similar problem. Doing the updates in yum today
after updating
selinux-policy noarch 2.4.6-338.el5 base 432 k
got the following: (plus a lot more similar about different domains)
qscand homedir /var/spool/qscan or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
I haven't found any issue on the server yet but was wondering what it means and if it can cause problems.
thanks
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: selinux conflict
My previous comment still stands, 4 years later.
-
- Forum User
- Posts: 60
- Joined: Mon Jul 23, 2012 5:22 am
- Location: Salisbury
Re: selinux conflict
How do I know if selinux is on on our server? >_< Probably is if I updated ..Just want to understand if these lines may cause issues to the server/clients
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: selinux conflict
getenforce will tell you whats state is. You can disable it from /etc/sysconfig/selinux and/or /etc/selinux/config (always check both files, its sometimes a moving target). You can also disable it by passing selinux=0 to the kernel boot parameters.
-
- Forum User
- Posts: 60
- Joined: Mon Jul 23, 2012 5:22 am
- Location: Salisbury
Re: selinux conflict
Thank for the help ^_^
Seems to be disabled already.
Does that means that what I saw when updating has no effect on the server?
Seems to be disabled already.
Does that means that what I saw when updating has no effect on the server?
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: selinux conflict
None unless you enable selinux. If you feel you need a MAC, just use the self learning RBAC that comes with ASL. Its more secure, and its much easier to work with.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone