incorrectly defined system account?

webfeatus
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

Recent yum update listed an error like this in relation to each accountid on the system:

Code:

accountid homedir /var/www/vhosts/domain.com or its parent directory conflicts with a defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account.  If it is a system account please make sure its login shell is /sbin/nologin.

Can anyone tell me what this means?

I have selinux disabled.
/etc/selinux/config
SELINUX=disabled

[Reference: http://sysadmingear.blogspot.com/2007/1 ... linux.html]
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.

mikeshinn
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

You've got selinux running; to disable it you need to pass selinux=0 to the kernel on boot.

webfeatus
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

mikeshinn wrote: You've got selinux running; to disable it you need to pass selinux=0 to the kernel on boot.

Code:

# /usr/sbin/sestatus -v
SELinux status:                 disabled

As far as I know, this has been the case since I disabled it according to my post above.

scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

You'd think those tools would be more accurate than that by now. But no, it's actually still running. Like mike said above, selinux=0 is the only way to be sure.

webfeatus
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

mikeshinn wrote: you need to pass selinux=0 to the kernel on boot

I tried to avoid asking this newb question...

"How do I do that?"

biggles
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden

Edit /etc/grub.conf

Here are my rows that start the current kernel. Don't copy them, just add selinux=0 to your current config.

Code:

title CentOS (2.6.32.21-3.art.i686.PAE)
        root (hd0,0)
        kernel /vmlinuz-2.6.32.21-3.art.i686.PAE ro root=LABEL=/ selinux=0 panic=5
        initrd /initrd-2.6.32.21-3.art.i686.PAE.img
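
An added example, not written by any poster in this thread: a small audit of a legacy grub.conf that reports which boot stanzas carry selinux=0 and whether the stanza selected by default= is one of them. The function names, the sample file and its kernel names are constructed for illustration.

```shell
# Added example: audit a legacy GRUB config for the selinux=0 boot parameter.

# Print "<index> <yes|no> <title>" per boot stanza; yes = kernel line has selinux=0.
grub_selinux_report() {
    awk '
        function emit() { if (idx >= 0) print idx, (off ? "yes" : "no"), title }
        BEGIN { idx = -1 }
        /^[ \t]*#/ { next }
        /^[ \t]*title[ \t]/ {
            emit(); idx++; off = 0
            sub(/^[ \t]*title[ \t]+/, ""); title = $0; next
        }
        /^[ \t]*kernel[ \t]/ {
            for (i = 2; i <= NF; i++) if ($i == "selinux=0") off = 1
        }
        END { emit() }
    ' "$1"
}

# Print the stanza index GRUB boots by default (the default=N line, 0 if absent).
grub_default_index() {
    awk -F= '/^[ \t]*default[ \t]*=/ { d = $2 } END { print d + 0 }' "$1"
}

# Succeed only if the default stanza carries selinux=0.
default_has_selinux0() {
    grub_selinux_report "$1" | awk -v want="$(grub_default_index "$1")" \
        '$1 == want && $2 == "yes" { ok = 1 } END { exit !ok }'
}

# Succeed if a kernel command line (default: the running kernel's) has selinux=0.
cmdline_has_selinux0() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -qx 'selinux=0'
}

# Constructed sample, not taken from a real host: only stanza 0 has selinux=0,
# but default=1 boots stanza 1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=1
title CentOS (kernel-A)
        kernel /vmlinuz-A ro root=LABEL=/ selinux=0 panic=5
title CentOS (kernel-B)
        kernel /vmlinuz-B ro root=/dev/md0
EOF
grub_selinux_report "$sample"
default_has_selinux0 "$sample" || echo "default stanza does not pass selinux=0"
```

On a host, pass /etc/grub.conf to the report functions and call cmdline_has_selinux0 with no argument to see what the running kernel was actually booted with.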

webfeatus
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

selinux=0 was already included.

No idea what happened with this situation.
I will monitor.
Thank you.

webfeatus
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

I think I was looking at the wrong server.
I believe that the yum error was on my other server.
That server uses openvz, no grsec.
No grub.conf on virtual.
Found this on host...

Code:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You do not have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /, eg.
#          root (hd0,0)
#          kernel /boot/vmlinuz-version ro root=/dev/md0
#          initrd /boot/initrd-version.img
#boot=/dev/md0
default=1
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-164.6.1.el5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-164.6.1.el5 ro root=/dev/md0
        initrd /boot/initrd-2.6.18-164.6.1.el5.img
title CentOS OpenVz (2.6.18-128.2.1.el5.028stab064.8PAE)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-128.2.1.el5.028stab064.8PAE ro root=/dev/md0
        initrd /boot/initrd-2.6.18-128.2.1.el5.028stab064.8PAE.img
title OpenVZ (2.6.18-128.2.1.el5.028stab064.7PAE)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-128.2.1.el5.028stab064.7PAE ro root=/dev/md0
        initrd /boot/initrd-2.6.18-128.2.1.el5.028stab064.7PAE.img
title CentOS (2.6.18-164.el5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-164.el5 ro root=/dev/md0
        initrd /boot/initrd-2.6.18-164.el5.img
title CentOS (2.6.18-128.el5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-128.el5 ro root=/dev/md0
        initrd /boot/initrd-2.6.18-128.el5.img

Also on host...

Code:

# /usr/sbin/sestatus -v
SELinux status:                 disabled

faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

I hope I'm not confusing things, but I've seen errors like that during a yum update in the past. They were nothing to worry about.

My impression was that it was just the result of having a selinux-policy (or somesuch) RPM installed, and when that gets updated it checks things, finds a problem and reports it, but that this makes no difference because selinux is disabled.

And selinux is definitely disabled on our systems. No question about it.

Faris.