On Thu, 2011-01-20 at 02:00 +0200, Kostas Sfakiotakis wrote: > The normal user is even unable to launch the X Windows > since SELinux blocks xauth from writing to his home directory > > /usr/bin/xauth ( as source process ) > Attempted this access : write > On this directory : kostas ( actually is /home/kostas , the home > directory of the user ) Which, suggests, some checking of the normal permissions on that directory, and it's parent. Likewise, some checking for SELinux contexts. You can do that with the "ls -Z" command. ls -Zd /home ought to be: drwxr-xr-x root root system_u:object_r:home_root_t:s0 /home ls -Zd /home/kostas ought to be: drwx------ kostas kostas system_u:object_r:user_home_dir_t:s0 /home/kostas And the contents inside your space (ls -Z /home/kostas), ought to be: -rw------- kostas kostas unconfined_u:object_r:user_home_t:s0 NB: You can have additional permissions (it might be executable, as well, or also readable by group or other users), but those would be the minimum. If you find that you're having a plethora of SELinux problems, it might be a good idea to let the system relabel the whole drive with the default contexts. If you've ever run the system with SELinux disabled, then that's one potential cause for the contexts to be miss-set (any file written during that time, wouldn't have them). If there's one thing that I really hate about SELinux, it's the hideous names that they gave to the contexts. They're not intuitive, nor convenient for typing by hand. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
