Re: trying to understand SELinux message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 16, 2009 at 1:47 PM, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote:
> Mr. Teo En Ming (Zhang Enming) wrote:
>>
>> On Mon, Nov 16, 2009 at 1:09 PM, Paul Allen Newell <pnewell@xxxxxxxxxx>
>> wrote:
>>
>>>
>>> Hello:
>>>
>>> I just upgraded two of my systems to latest yum update
>>> (2.6.30.9-96.fc11.i686.PAE) with the hopes that the CD and DVD issues
>>> have
>>> been resolved (they have, almost, but thats a separate bugzilla report).
>>>
>>> What I am querying about in this email is a message that I am seeing when
>>> I
>>> log in as root (yes, I know the caveats and try to respect, but I always
>>> make sure the ability is there if I need it). I log in from the start
>>> page
>>> GUI and there are no problems until, after a couple of seconds later, a
>>> pop-up from the "star icon in the upper right" says I got problems. I
>>> open
>>> it up and it says:
>>>
>>> "SELinux is preventing the gdm-session-wor from using potentially
>>> mislabeled
>>> files (/root)."
>>>
>>> Okay, that's nice to know, but I have no idea what it is trying to tell
>>> me
>>> needs to be fixed. I've got a couple files in the home directory but
>>> nothing
>>> looks funny about them (*.txt cut-and-paste of yum update/installs and an
>>> html of "how-to-install f11 from scratch").
>>>
>>> I have edited both /etc/pam.d/gdm and /etc/pam.d/gdm-password per Fedora
>>> website instructions to allow root access.
>>>
>>> Closer inspection says that I first began getting this message on 20jun09
>>> after a yum update (I did original f11 install at the beginning of June).
>>> I
>>> just hadn't noticed it since I don't often log in as root, though I do
>>> remember seeing something in the summer and figuring it was a glip that
>>> would get fixed in future updates).
>>>
>>> Any suggestions as to what I should be looking for to get rid of this
>>> message ... if I do indeed actually need to pay attention to it. If there
>>> is
>>> more info I can provide, please let me know what it is and how to get it
>>> and
>>> I will gladly post such.
>>>
>>> Thanks in advance,
>>> Paul
>>>
>>>
>>> --
>>> fedora-list mailing list
>>> fedora-list@xxxxxxxxxx
>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>> Guidelines:
>>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>>
>>>
>>
>> You can try to disable SELinux in /etc/selinux/config or in
>> /boot/grub/grub.conf.
>>
>> In /etc/selinux/config, change SELinux to DISABLED.
>>
>> OR
>>
>> In /boot/grub/grub.conf, add selinux=0 to the kernel line.
>>
>> E.g. kernel /vmlinuz ro root=/dev/sda2 selinux=0
>>
>> You shouldn't start X server or login to GNOME as root.
>>
>>
>>
>
> My thanks for the prompt reply. I am not certain why I would want to disable
> SELinux as it clearly is part of the Fedora package and is trying to tell me
> that something isn't right.
>
> Yes, I know I should not start X server or login as root ... and that is not
> my normal work habit. But I would expect that I should still be able to do
> such and not have SELinux bark unless there was something wrong. It is the
> "what is wrong" that I am trying to understand and correct.
>
> Paul
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>

Well, for home or personal use systems, you don't really need SELinux.
SELinux is for mission critical servers.

Or unless you work for defense or intelligence agencies, then your
laptop needs to be secured with SELinux and high grade encryption.


-- 
Mr. Teo En Ming (Zhang Enming) Dip(Mechatronics) BEng(Hons)(Mechanical
Engineering)
Alma Maters:
(1) Singapore Polytechnic
(2) National University of Singapore
My Primary Blog: http://teo-en-ming-aka-zhang-enming.blogspot.com
My Secondary Blog: http://enmingteo.wordpress.com
My Youtube videos: http://www.youtube.com/user/enmingteo
Email: space.time.universe@xxxxxxxxx
Mobile Phone (Starhub Prepaid): +65-8369-2618
Street: Bedok Reservoir Road
Country: Singapore

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux