On Mon, 2004-04-19 at 14:21, jacob wrote:
> Some SELinux issues I've been experiencing when running in enforcing mode:
>
> * Only my own user processes show up in top/gnome-system-monitor/ps aux,
>   no root or other users' processes are visible.

That's expected.

> * /lib/modules is marked with '?--------- ? ? ? ? modules' for me as
>   normal user, I can't even cd into it. Looks ok as root though.

That's also expected. The ??? is because user_t is denied getattr for modules_object_t.

> * Normal user can't mount cdrom, only root can.

Do you have the "user" option in /etc/fstab and the user_can_mount tunable enabled?

> * fam & nautilus are the ones spewing out the most avc messages in
>   dmesg.

fam is known to be incompatible with SELinux. I'm working on a patch to disable it if SELinux is enabled. What nautilus AVC messages are you seeing? The /initrd one is a known issue, also on my queue of stuff to fix.