On Mon, Feb 26, 2007 at 03:12:44AM +0000, Steve Kemp wrote: > On Sun, Feb 25, 2007 at 10:07:48PM -0500, Nelson Castillo wrote: > > > The partition in which the chroot is is not mounted with the nodev option. > > It's mounted with ext3,defaults, just as / is. > > > > This is the strace I got: > > > > http://wiki.superservicios.gov.co:81/~n/strace.txt > > Looking that over this appears to be a SELinux thing. Both FC and Debian have SELinux support. AFAIK, FC has it active by default('enforcing mode') while Debian does not. On my sid system, I have have SELinux active but not in 'enforce' mode. This means it does not stop anything, but logs it if would. > > The code obviously reads the current permissions of your > user: > > open("/proc/self/task/25770/attr/current", O_RDONLY|O_LARGEFILE) = 4 > read(4, "user_u:system_r:unconfined_t:s0-"..., 4095) = 43 > close(4) = 0 'unconfined' means that it is not a restricted in what it can do, thus is only limited by regualr unix permisions, which are check first anyway. > > I'm not sure what that means.. > > Later there are two file accesses which fail: > > open("/selinux/access", O_RDWR|O_LARGEFILE) = -1 ENOENT (No such file or directory) > open("/selinux/enforce", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) > > I'd suggest disabling SELinux and seeing if that fixes it, if it > does then I guess you get to learn more about using it than I > wish to right now ;) SElinux uses a virtual filesystem, that is set in /etc/fstab, for displaying and setting options like /proc. These are saying that this virtual filesystem is not there. From my gut, it doesn't seem like SELinux is getting in the way. I'd see if FC has option to turn off SELinux as a kernel option or at least to turn off enforcing mode by using /selinux or chaning the policy. -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal |mysite.verizon.net/kevin.mark/| | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keysever: subkeys.pgp.net | my NPO: cfsg.org |
Attachment:
signature.asc
Description: Digital signature