On 05.06.2017 16:34, Ed Greshko wrote:
That is documentation from F14 and is way out of date.
of course and didn't meet my needs as there must be a user logged on ...
Again, late hour, I should have also mentioned that the AVC messages are held in /var/log/audit/audit.log You can grep on type=AVC in the file to see if you're getting the errors that I noted. I fixed it by following the troubleshooting advice of the seapplet. I had to run, as root, ausearch -c 'systemd' --raw | audit2allow -M my-systemd semodule -X 300 -i my-systemd.pp a couple of times since there were 2 distinct AVC's A deny on unlink and a deny on open.
I did it this way: stored the following to e.g. bugfix.tt
module systemd_vnc_bugfix 1.0.0;
require {
type user_home_t;
type init_t;
class file { open read unlink };
}
#============= init_t ==============
allow init_t user_home_t:file { open read unlink };
and then
checkmodule -M -m -o bugfix.mod bugfix.tt
semodule_package -o bugfix.pp -m bugfix.mod
semodule -X 300 -i bugfix.pp
Thanks for your help, hints,
now its working with SElinux = enforcing
Greetings from Austria,
Walter
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
