I've been tinkering with Linux Mint for the last month, so my CentOS installation was kinda abandoned. However, I took my chance to update CentOS via the usual chroot trick. It works.... however...
I found a glitch. I became aware of it when I ran my self-made wifi connection script, which calls the dhclient program. It said:
libc.so.6 not found
Great...ldd said the same thing too. However, libc.so.6 is still in /lib/libc.so.6, so it's not really missing. Hmmmm...
As an important note: a recent update shows that there is another libc.so.6, which resides in /lib/i686/nosegneg. From random googling, I concluded that it is a "Xen friendly" library. That's a short way of saying that those libraries do not use certain segmentation techniques that might confuse or break Xen, so to speak.
Then, somehow I felt that it *might* be related to SELinux (I have it set to enforcing). Here are a few lines from /var/log/messages that show the quirk:
kernel: [ 5.195941] type=1400 audit(1327499418.190:3): avc: denied { read } for pid=860 comm="restorecon" name="libc.so.6" dev=xxxx ino=4821369 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
and the output of "ls" is:
$ ls -lZ /lib/libc.so.6
lrwxrwxrwx root root system_u:object_r:file_t /lib/libc.so.6 -> libc-2.5.so
(the above output might be slightly incorrect, just focus on the "file_t" attribute)
Alright, so the SELinux attribute of libc.so.6 is wrong. I didn't know what exactly was causing that during the chroot session. My best guess is that since it was done inside Linux Mint, which doesn't use SELinux, partial relabeling or anything else meant to fix SELinux attributes simply fails.
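The log check described above, as an added example that is not part of the original post: it parses AVC denials and reports targets whose tcontext type is file_t, the symptom seen here. The function names and the second and third sample log lines are constructed for illustration.

```python
import re

# Constructed sample: the denial from the post (joined onto one line), a made-up
# denial against a correctly labelled file for contrast, and an unrelated line.
SAMPLE_LOG = """\
kernel: [ 5.195941] type=1400 audit(1327499418.190:3): avc: denied { read } for pid=860 comm="restorecon" name="libc.so.6" dev=xxxx ino=4821369 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
kernel: [ 9.100000] type=1400 audit(1327499422.010:7): avc: denied { write } for pid=901 comm="httpd" name="app.log" dev=xxxx ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
kernel: [ 9.200000] usb 1-1: new high speed USB device
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def context_type(context):
    """Type is the third field of user:role:type[:level]; None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def mislabeled_targets(log_text, bad_types=("file_t",)):
    """List (name, tclass, comm, perms) for denials whose target type is in bad_types."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and context_type(rec.get("tcontext", "")) in bad_types:
            hits.append((rec.get("name"), rec.get("tclass"), rec.get("comm"), rec["perms"]))
    return hits


if __name__ == "__main__":
    for name, tclass, comm, perms in mislabeled_targets(SAMPLE_LOG):
        print(f"{name} ({tclass}) is labelled file_t; {comm} was denied {perms}")
```

A hit on file_t points at a labeling problem on the target rather than a policy rule to loosen, which is why relabeling is the right response.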
The fix is fortunately easy:
1. Edit /etc/sysconfig/selinux. Change "SELINUX=enforcing" to "SELINUX=permissive".
2. Run "sudo touch /.autorelabel". Notice the . (dot) prefix.
3. Reboot.
SELinux will relabel everything inside your mounted filesystem according to its default configuration once Linux enters its normal runlevel.
To confirm your problem is gone, pick a random binary, say dhclient, and run ldd on it. Here's mine:
$ ldd /sbin/dhclient
libc.so.6 => /lib/i686/nosegneg/libc.so.6
And the problem is solved :) Now you can turn SELinux back to enforcing mode.
PS: SELinux is both fun and frustrating..... but with careful log analysis, you can usually pinpoint the root of the problem pretty fast.
regards,
Mulyadi Santosa
3 comments:
Does chrooting CentOS mean you boot to Linux Mint, chroot to the CentOS /, and use CentOS (with the Mint kernel)?
Yes :), you're right
Thhhhaaaannnnkkkkksssssss!!!!