Re: trying to understand SELinux message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 16, 2009 at 2:01 PM, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote:
> Mr. Teo En Ming (Zhang Enming) wrote:
>>
>> On Mon, Nov 16, 2009 at 1:47 PM, Paul Allen Newell <pnewell@xxxxxxxxxx>
>> wrote:
>>
>>>
>>> Mr. Teo En Ming (Zhang Enming) wrote:
>>>
>>>>
>>>> You can try to disable SELinux in /etc/selinux/config or in
>>>> /boot/grub/grub.conf.
>>>>
>>>> In /etc/selinux/config, change SELinux to DISABLED.
>>>>
>>>> OR
>>>>
>>>> In /boot/grub/grub.conf, add selinux=0 to the kernel line.
>>>>
>>>> E.g. kernel /vmlinuz ro root=/dev/sda2 selinux=0
>>>>
>>>> You shouldn't start X server or login to GNOME as root.
>>>>
>>>>
>>>>
>>>>
>>>
>>> My thanks for the prompt reply. I am not certain why I would want to
>>> disable
>>> SELinux as it clearly is part of the Fedora package and is trying to tell
>>> me
>>> that something isn't right.
>>>
>>> Yes, I know I should not start X server or login as root ... and that is
>>> not
>>> my normal work habit. But I would expect that I should still be able to
>>> do
>>> such and not have SELinux bark unless there was something wrong. It is
>>> the
>>> "what is wrong" that I am trying to understand and correct.
>>>
>>> Paul
>>>
>>> --
>>> fedora-list mailing list
>>> fedora-list@xxxxxxxxxx
>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>> Guidelines:
>>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>>
>>>
>>
>> Well, for home or personal use systems, you don't really need SELinux.
>> SELinux is for mission critical servers.
>>
>> Or unless you work for defense or intelligence agencies, then your
>> laptop needs to be secured with SELinux and high grade encryption.
>>
>>
>
> I have to deal with NDAs and those organizations don't like to hear "I don't
> use SELinux". Mission critical is not an issue, but doing the proper steps
> to show I am not disabling security is a necessary.
>
> Plus, an error is an error and I personally don't like pop-ups telling me
> there is something wrong (smile)
>
> Thanks,
> Paul
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>

Hi Paul,

<QUOTE>
Summary:

SELinux is preventing the gdm-session-wor from using potentially mislabeled
files (.dmrc).

Detailed Description:

SELinux has denied gdm-session-wor access to potentially mislabeled file(s)
(.dmrc). This means that SELinux will not allow gdm-session-wor to use these
files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.

Allowing Access:

If you want gdm-session-wor to access this files, you need to relabel them using
restorecon -v '.dmrc'. You might want to relabel the entire directory using
restorecon -R -v ''.

</QUOTE>

Link: http://osdir.com/ml/fedora-selinux/2009-02/msg00111.html


You can execute the following command as root to solve your problem.

# restorecon -R -v /root

It should stop the AVC messages from popping up.

-- 
Mr. Teo En Ming (Zhang Enming) Dip(Mechatronics) BEng(Hons)(Mechanical
Engineering)
Alma Maters:
(1) Singapore Polytechnic
(2) National University of Singapore
My Primary Blog: http://teo-en-ming-aka-zhang-enming.blogspot.com
My Secondary Blog: http://enmingteo.wordpress.com
My Youtube videos: http://www.youtube.com/user/enmingteo
Email: space.time.universe@xxxxxxxxx
Mobile Phone (Starhub Prepaid): +65-8369-2618
Street: Bedok Reservoir Road
Country: Singapore

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux