Bug 120621
Summary: | desktop changes cause selinux error messages | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Thomas Molina <tmolina> |
Component: | policy | Assignee: | Colin Walters <walters> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | markmc |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-05-13 16:07:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Thomas Molina
2004-04-12 10:18:11 UTC
Colin, you're looking into this, right ? Thomas: It looks like your filesystem is mislabeled. Did you upgrade from a previous installation and keep your /home partition? Files in your home directory shouldn't be file_t. Can you try running: /sbin/fixfiles relabel Alternatively you could just fix your home directory by doing: /usr/sbin/setfiles /etc/security/selinux/file_contexts /home /home is a partition on a second IDE hard drive in this system. It has been mounted under several versions of RedHat and Fedora OSs. I have done the fixfiles relabel command more than once and the problem remains. I have only mounted it with Fedora Core 2 Test 2 since I started testing this revision. Hmmm. Can you try running: /usr/sbin/setfiles -v -n /etc/security/selinux/file_contexts /home/tmolina/.gnome Does it give any messages about relabeling? Does it matter what state the system is in when these actions are performed? I certainly relabeled /home when I installed test2/selinux. I've also done it several times since then. I am running selinux in permissive mode and Fedora is in run level 5. I log in as a regular user, open a gnome-terminal, and do a "su -" before performing these actions. id -Z confirms I am running in sysadm role. Last night I tried something different; I dropped down into single user mode. This time the relabel appears to have succeeded. I am not getting the same avc messages I was before. I am going to continue monitoring the situation. You should try to avoid using the filesystem you're relabeling, if possible. So in this case I would have switched back to a virtual console (Ctrl-Alt-F1), logged in as root/sysadm_r, and done the relabel from there. That way the files on your /home for your regular user account wouldn't be in use. I don't think it was necessary to go all the way down to single user mode. I'm going to reassign this bug to policy (since it's not really directly related to GConf), and mark it NEEDINFO. If you could follow up in a few days and let us know whether your system works still, that'd be good. You are probably right, but it wouldn't be almost impossible to do a full relabel without using at least one of the filesystems being relabeled. Going all the way down to single user may not have been necessary, but I wanted to be sure. Doing so, I believe, eliminated most of my issues making it easier to deal with the ones remaining. Thanks for your effort. I will report back in a few days. The reported messages have not reappeared after following the given advice. Files in my home directory have the correct labels and all is good with the world. This report can probably be marked closed. Cool, thanks for following up. |