Re: Problem with SELinux: cannot change password, cannot open Plasma session

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 09/19/2017 07:14 PM, Rick Stevens wrote:

On 09/18/2017 11:24 AM, Frédéric Bron wrote:

Hi,

I created a new user using kuser.
I wanted to change his password with passwd user :
$ su
$ passwd user

I got the following error:
passwd: Erreur de manipulation du jeton d'authentification

Then I did:
$ setenforce 0
and it worked.

Later, I reenabled selinux:
$ setenfoce 1

and the user tried to login with sddm to Plasma -> got a black screen
then back to sddm.

removed selinux:
$ setenforce 0

Login to Plasma worked

What's wrong with SELinux?


I mistakenly replied directly to Frederic, not the list. Whoops!
Anyway, this is what I said so there's a record:

"Probably nothing. You need to relabel your files as you've likely done
things with SELinux disabled. If so, the things that were done with it
disabled have the wrong SELinux contexts.

"As the root user, "touch /.autorelabel", then enable SELinux and
reboot. The reboot will take a while as the system walks all the
filesystems and relabels files and directories with the correct
contexts.

"Don't just enable and disable SELinux willy-nilly. If you have it
enabled and something doesn't work, use the AVC mechanisms to find out
WHY it didn't work. It may be an SELinux policy that's wrong or it may
be that some processes/programs are not adhering to SELinux properly
(for example, ZoneMinder has LOTS of SELinux violations)."
Correct, when you disabling SELinux, always use autorelabel, it can save you lot of time troubleshooting what's wrong.
Next thing, If you have some SELinux issue, like this when in Enforcing mode is some thing broken and when you put it in Permissive (# setenforce 0), you can check audit logs if there is any SELinux denials. For example: 
(# ausearch -m AVC,USER_AVC -ts today).

These messages will tell you why was some action denied by SELinux.

Thanks,
Lukas.


----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-         The world is coming to an end ... SAVE YOUR FILES!!!       -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx




--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux