Running 2-3 days old rawhide with targeted policy, starting thunderbird says: "Could not initaliaze the browser's security component. The most likely cause is problem with files in your browser's profile directory. Please check that this directory has no read/write restrictions. ... " "setenforce 0" fixes this, strange enough no related denied messages in /var/log/audit/audit.log . This is also fixed by booting with autorelabel as kernel param, but only during the run/boot that the relabel was done a reboot without the autorelabel restores the problem. This most likely is related to some selinux problems with my home dir. --- I have another problem with the same symptoms. My /etc/rc.d/rc.local contains: su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1 Which starts a perl script which updates my dyndns-entry. I have this script in my homedir because the config is embedded inside the script. This used to work but now it only works if I boot with autorelabel, and then only during the boot with the autorelabel, not with consecutive boots, just as above.
What AVC messages are you seeing in the log files? /var/log/audit/audit.log and/or /var/log/messages
I searched for denied messages in /var/log/audit/audit.log and I couldn't find any related messages. I'll check /var/log/messages tonigth when I'm behind the box with the problem.
Also see if setting any of the allow_exec* booleans clear up the problem setsebool -P allow_execstack=1
setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in either log file. It seems that /var/log/audit/audit.log no longer gets any messages? Maybe auditing has been disabled in the latest kernels? BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local still only works on the boot autorelabel is given on the cmdline I thought this was related because it shared this only working once after autorelabel with thunderbird, but I guess it is not related, seperate bug?
And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages? You can turn on all audit messages by semodule -b /usr/share/selinux/targeted/enableaudit.pp Turn them back off with semodule -b /usr/share/selinux/targeted/base.pp
I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on rawhide) all is well now, closing.