Re: Cannot login to F15 without nomodeset

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/27/2011 05:22 AM, Daniel J Walsh wrote:
> On 04/27/2011 02:45 AM, Per Bothner wrote:
>> (I'm still having problems with symlinks from /var/www/html
>> into /home.  The fix that worked on F13 and F14 no longer works,
>> and the SeLinux Alert Browser isn't as helpful as it used to be.)
> Per Bothner, send me the AVC's you are struggling with and I will see if
> I can help you, also the alert that is not being helpful.

I link /var/www/html/per to /home/bothner/public_html.

The SELinux Alert browser gives me a number of options, the first of which
was to do:
   /sbin/restorecon -v /home
After doing that, and refreshing the web  browser then the alert browser 
suggests
    /sbin/restorecon -v /home/bothner
Then it suggests:
   /sbin/restorecon -v /home/bothner/public_html
Now it wants:
   /sbin/restorecon -v /home/bothner/public_html/index.html
Clearly this is not the right path - I can't individually relabel every 
single file.

The next alternative it suggests
   If you think this is caused by a badly mislabeled machine.
   Then you need to fully relabel.
   Do
   touch /.autorelabel; reboot

I haven't tried that yet since I'm expecting that to take a long time.
It is possible that is the issue - the files were copied over (using tar)
from a different laptop, which may not have carried SELinux lae\bel over.
(I'm unclear on this.)

The suggestion I found particularly unhelpful is:

   If you want to allow httpd to have getattr access on the index.html file
   Then you need to change the label on /home/bothner/public_html/index.html
   Do
   # semanage fcontext -a -t FILE_TYPE 
'/home/bothner/public_html/index.html'
   where FILE_TYPE is one of the following: [[long list]].
   Then execute:
   restorecon -v '/home/bothner/public_html/index.html'

First, I can't figure out what in the [[long list]] is appropriate.
Second, the "then" part suggests this might only fix one file at a time.

I'm guessing the "full relabel" is the right thing.
-- 
	--Per Bothner
per@xxxxxxxxxxx   http://per.bothner.com/
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux