Running 2-3 days old rawhide with targeted policy, starting thunderbird says:
"Could not initaliaze the browser's security component. The most likely cause is
problem with files in your browser's profile directory. Please check that this
directory has no read/write restrictions. ... "
"setenforce 0" fixes this, strange enough no related denied messages in
/var/log/audit/audit.log . This is also fixed by booting with autorelabel as
kernel param, but only during the run/boot that the relabel was done a reboot
without the autorelabel restores the problem. This most likely is related to
some selinux problems with my home dir.
I have another problem with the same symptoms. My /etc/rc.d/rc.local contains:
su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1
Which starts a perl script which updates my dyndns-entry. I have this script in
my homedir because the config is embedded inside the script. This used to work
but now it only works if I boot with autorelabel, and then only during the boot
with the autorelabel, not with consecutive boots, just as above.
What AVC messages are you seeing in the log files?
/var/log/audit/audit.log and/or /var/log/messages
I searched for denied messages in /var/log/audit/audit.log and I couldn't find
any related messages. I'll check /var/log/messages tonigth when I'm behind the
box with the problem.
Also see if setting any of the allow_exec* booleans clear up the problem
setsebool -P allow_execstack=1
setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in
either log file. It seems that /var/log/audit/audit.log no longer gets any
messages? Maybe auditing has been disabled in the latest kernels?
BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local
still only works on the boot autorelabel is given on the cmdline I thought this
was related because it shared this only working once after autorelabel with
thunderbird, but I guess it is not related, seperate bug?
And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages?
You can turn on all audit messages by
semodule -b /usr/share/selinux/targeted/enableaudit.pp
Turn them back off with
semodule -b /usr/share/selinux/targeted/base.pp
I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on
rawhide) all is well now, closing.