Page 1 of 1
selinux conflict
Posted: Thu Jul 10, 2008 10:50 am
by modom46
Hi,
I ran a yum update and it did update but got this message that I don't understand:
qscand homedir /var/spool/qscan or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account.
If it is a system account please make sure its login shell is /sbin/nologin.
I'm the only one who can login to shell, not any of my customers.
Is there something I need to change?
Posted: Fri Jul 11, 2008 8:34 am
by scott
Dunno, I never turn on selinux (we use the grsecurity RBAC which is WAY more complete). So it doesnt really add any value as far as I have determined.
Re: selinux conflict
Posted: Tue Jan 22, 2013 9:20 am
by mist_firefly
Hello
I seem to be having a similar problem. Doing the updates in yum today
after updating
selinux-policy noarch 2.4.6-338.el5 base 432 k
got the following: (plus a lot more similar about different domains)
qscand homedir /var/spool/qscan or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
I haven't found any issue on the server yet but was wondering what it means and if it can cause problems.
thanks
Re: selinux conflict
Posted: Tue Jan 22, 2013 8:04 pm
by scott
My previous comment still stands, 4 years later.
Re: selinux conflict
Posted: Wed Jan 23, 2013 5:04 am
by mist_firefly
How do I know if selinux is on on our server? >_< Probably is if I updated ..Just want to understand if these lines may cause issues to the server/clients
Re: selinux conflict
Posted: Wed Jan 23, 2013 10:26 am
by scott
getenforce will tell you whats state is. You can disable it from /etc/sysconfig/selinux and/or /etc/selinux/config (always check both files, its sometimes a moving target). You can also disable it by passing selinux=0 to the kernel boot parameters.
Re: selinux conflict
Posted: Wed Jan 23, 2013 12:30 pm
by mist_firefly
Thank for the help ^_^
Seems to be disabled already.
Does that means that what I saw when updating has no effect on the server?
Re: selinux conflict
Posted: Wed Jan 23, 2013 7:57 pm
by mikeshinn
None unless you enable selinux. If you feel you need a MAC, just use the self learning RBAC that comes with ASL. Its more secure, and its much easier to work with.