I have a centos 6.6 laptop which is having trouble (intermittent boot failures, or more rightly so, multiple failures, intermittent booting). The laptop is running selinux. I pulled the second internal disk out to get my data off of it. I plugged it into my centos 5.x machine and mounted it. I was able to do a dir listing, but whrn I tried to cd into any of the directories, I get a bunch of AVC denials, and I can't see any files. The contos 5.x machine is selinux enforcing, and so is the centos 6.x box. The files are all owned by me, and have the same uid/gid on both boxes. What is the right way to do this? Meanwhile, I put it back into the laptop, and kept attempting to boot the machine, until I got lucky and it came up. I was able to rsync the data off the drive, so this isn't a crisis, just a learning moment. thanks, -chuck --
Chuck Campbell wrote:> I have a centos 6.6 laptop which is having trouble (intermittent boot > failures, or more rightly so, multiple failures, intermittent booting).The laptop> is running selinux. I pulled the second internal disk out to get my dataoff of> it. I plugged it into my centos 5.x machine and mounted it. I was ableto do a> dir listing, but whrn I tried to cd into any of the directories, I get abunch of AVC> denials, and I can't see any files. The contos 5.x machine is selinuxenforcing,> and so is the centos 6.x box. The files are all owned by me, and havethe same> uid/gid on both boxes. > > What is the right way to do this?<snip> My reaction would have been simple: set selinux to permissive on your machine, back up what you wanted, then return it to enforcing. mark
On 2/26/2015 12:33 PM, m.roth at 5-cent.us wrote:> Chuck Campbell wrote: >> I have a centos 6.6 laptop which is having trouble (intermittent boot >> failures, or more rightly so, multiple failures, intermittent booting). > The laptop >> is running selinux. I pulled the second internal disk out to get my data > off of >> it. I plugged it into my centos 5.x machine and mounted it. I was able > to do a >> dir listing, but whrn I tried to cd into any of the directories, I get a > bunch of AVC >> denials, and I can't see any files. The contos 5.x machine is selinux > enforcing, >> and so is the centos 6.x box. The files are all owned by me, and have > the same >> uid/gid on both boxes. >> >> What is the right way to do this? > <snip> > My reaction would have been simple: set selinux to permissive on your > machine, back up what you wanted, then return it to enforcing. > > mark > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >Hah, I didn't actually think of that. If it is that simple, then live and learn. I had thought there were differences between 5.x and 6.x that were causing the problem, since the uid/gid are the same on both boxes for the file owner. There must have been something in the xattrs that didn't line up... thanks, -chuck -- ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph. | and Integrated Interpretation | (713)993-0608 fax 448 W. 19th St. #325| Since 1992 | (713)306-5794 cell Houston, TX, 77008 | Chuck Campbell | campbell at accelinc.com | President & Senior Geoscientist | "Integration means more than having all the maps at the same scale!"
On Thu, Feb 26, 2015 at 10:49 AM, Chuck Campbell <campbell at accelinc.com> wrote:> I have a centos 6.6 laptop which is having trouble (intermittent boot failures, > or more rightly so, multiple failures, intermittent booting). The laptop is > running selinux. > I pulled the second internal disk out to get my data off of it. I plugged it > into my centos 5.x machine and mounted it. I was able to do a dir listing, but > whrn I tried to cd into any of the directories, I get a bunch of AVC denials, > and I can't see any files. The contos 5.x machine is selinux enforcing, and so > is the centos 6.x box. The files are all owned by me, and have the same uid/gid > on both boxes. > > What is the right way to do this?Mount with a permissive context: mount -o context=unconfined_u:object_r:default_t If you mount without that, ls -Z will show you the labeling and you can probably figure out why you're getting the denials based on the AVC message. -- Chris Murphy