Re: trying to understand SELinux message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mr. Teo En Ming (Zhang Enming) wrote:
On Mon, Nov 16, 2009 at 1:09 PM, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote:
Hello:

I just upgraded two of my systems to latest yum update
(2.6.30.9-96.fc11.i686.PAE) with the hopes that the CD and DVD issues have
been resolved (they have, almost, but thats a separate bugzilla report).

What I am querying about in this email is a message that I am seeing when I
log in as root (yes, I know the caveats and try to respect, but I always
make sure the ability is there if I need it). I log in from the start page
GUI and there are no problems until, after a couple of seconds later, a
pop-up from the "star icon in the upper right" says I got problems. I open
it up and it says:

"SELinux is preventing the gdm-session-wor from using potentially mislabeled
files (/root)."

Okay, that's nice to know, but I have no idea what it is trying to tell me
needs to be fixed. I've got a couple files in the home directory but nothing
looks funny about them (*.txt cut-and-paste of yum update/installs and an
html of "how-to-install f11 from scratch").

I have edited both /etc/pam.d/gdm and /etc/pam.d/gdm-password per Fedora
website instructions to allow root access.

Closer inspection says that I first began getting this message on 20jun09
after a yum update (I did original f11 install at the beginning of June). I
just hadn't noticed it since I don't often log in as root, though I do
remember seeing something in the summer and figuring it was a glip that
would get fixed in future updates).

Any suggestions as to what I should be looking for to get rid of this
message ... if I do indeed actually need to pay attention to it. If there is
more info I can provide, please let me know what it is and how to get it and
I will gladly post such.

Thanks in advance,
Paul


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines


You can try to disable SELinux in /etc/selinux/config or in
/boot/grub/grub.conf.

In /etc/selinux/config, change SELinux to DISABLED.

OR

In /boot/grub/grub.conf, add selinux=0 to the kernel line.

E.g. kernel /vmlinuz ro root=/dev/sda2 selinux=0

You shouldn't start X server or login to GNOME as root.


My thanks for the prompt reply. I am not certain why I would want to disable SELinux as it clearly is part of the Fedora package and is trying to tell me that something isn't right.

Yes, I know I should not start X server or login as root ... and that is not my normal work habit. But I would expect that I should still be able to do such and not have SELinux bark unless there was something wrong. It is the "what is wrong" that I am trying to understand and correct.

Paul

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux