我在 CentOS 8.2 安装上再次启用了 SELINUX。现在登录不起作用,无论是通过 ssh 还是直接登录。要登录,我必须将模式设置为宽容。安全日志显示如下。
#login with ssh
Sep 14 02:26:57 lcl sshd[4407]: Accepted password for <MY USERNAME> from <My local ip> port 52410 ssh2
Sep 14 02:26:57 lcl systemd[4412]: pam_unix(systemd-user:session): session opened for user <MY USERNAME> by (uid=0)
Sep 14 02:26:57 lcl sshd[4407]: pam_systemd(sshd:session): Failed to create session: Start job for unit [email protected] failed with 'failed'
Sep 14 02:26:57 lcl sshd[4407]: pam_unix(sshd:session): session opened for user <MY USERNAME> by (uid=0)
Sep 14 02:26:57 lcl sshd[4421]: fatal: sshd_selinux_copy_context: setcon failed with Permission denied
Sep 14 02:26:57 lcl sshd[4407]: pam_unix(sshd:session): session closed for user <MY USERNAME>
#this is when i tried to login directly without ssh.
Sep 14 02:29:13 lcl systemd[3716]: pam_unix(systemd-user:session): session opened for user <MY USERNAME> by (uid=0)
Sep 14 02:29:13 lcl systemd[3721]: pam_unix(systemd-user:session): session closed for user <MY USERNAME>
Sep 14 02:29:13 lcl login[1225]: pam_systemd(login:session): Failed to create session: Start job for unit [email protected] failed with 'failed'
Sep 14 02:29:13 lcl login[1225]: pam_unix(login:session): session opened for user <MY USERNAME> by LOGIN(uid=0)
Sep 14 02:29:14 lcl login[1225]: LOGIN ON tty1 BY <MY USERNAME>
Sep 14 02:29:14 lcl login[1225]: pam_unix(login:session): session closed for user <MY USERNAME>
我不是一名硬核服务器管理员,请帮我解决这个问题。
答案1
长时间禁用 Selinux 可能会导致文件未被标记或标记的 Selinux 上下文与安装的策略不匹配。此外,守护进程和其他进程(包括 systemd)可能会在意外上下文中运行。
使其工作的最短方法是,在 /etc/selinux/config 中将其设置为强制执行,发出以下命令:
touch /.autorelabel
然后重新启动,您现在就可以登录了。