Re: trying to understand SELinux message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 16, 2009 at 2:20 PM, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote:
> Mr. Teo En Ming (Zhang Enming) wrote:
>>
>> On Mon, Nov 16, 2009 at 2:01 PM, Paul Allen Newell <pnewell@xxxxxxxxxx>
>> wrote:
>>
>>>
>>
>> Hi Paul,
>>
>> <QUOTE>
>> Summary:
>>
>> SELinux is preventing the gdm-session-wor from using potentially
>> mislabeled
>> files (.dmrc).
>>
>> Detailed Description:
>>
>> SELinux has denied gdm-session-wor access to potentially mislabeled
>> file(s)
>> (.dmrc). This means that SELinux will not allow gdm-session-wor to use
>> these
>> files. It is common for users to edit files in their home directory or tmp
>> directories and then move (mv) them to system directories. The problem is
>> that
>> the files end up with the wrong file context which confined applications
>> are not
>> allowed to access.
>>
>> Allowing Access:
>>
>> If you want gdm-session-wor to access this files, you need to relabel them
>> using
>> restorecon -v '.dmrc'. You might want to relabel the entire directory
>> using
>> restorecon -R -v ''.
>>
>> </QUOTE>
>>
>> Link: http://osdir.com/ml/fedora-selinux/2009-02/msg00111.html
>>
>>
>> You can execute the following command as root to solve your problem.
>>
>> # restorecon -R -v /root
>>
>> It should stop the AVC messages from popping up.
>>
>>
>
> Thank you very much for finding this. That being said, my head hurts after
> reading it as I am not certain what a large part of it means. But I do know
> that I probably moved at least one file in from my personal account and so
> it kinda makes sense.
>
> Let me re-read after a night's sleep and see if this, plus your link, makes
> more sense then.
>
> That being said, what the "word-of-your-choice" is "gdm-session-wor" ???
>
> Paul
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>

>From Wikipedia:

“...given the threat models and capabilities of the adversaries
involved, that's probably appropriate... But that’s not necessarily
appropriate for all users. SELINUX is so horrible to use, that after
wasting a large amount of time enabling it and then watching all of my
applications die a horrible death since they didn't have the
appropriate hand-crafted security policy, caused me to swear off of
it. For me, given my threat model and how much my time is worth, life
is too short for SELinux.” — Theodore Ts’o

:-)

-- 
Mr. Teo En Ming (Zhang Enming) Dip(Mechatronics) BEng(Hons)(Mechanical
Engineering)
Alma Maters:
(1) Singapore Polytechnic
(2) National University of Singapore
My Primary Blog: http://teo-en-ming-aka-zhang-enming.blogspot.com
My Secondary Blog: http://enmingteo.wordpress.com
My Youtube videos: http://www.youtube.com/user/enmingteo
Email: space.time.universe@xxxxxxxxx
Mobile Phone (Starhub Prepaid): +65-8369-2618
Street: Bedok Reservoir Road
Country: Singapore

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux