selinux, unlabeled files, apache, etc.

M. Lewis _fedoralist_ at cajuninc.com
Sat Aug 27 03:54:41 UTC 2005 

Walter Petrel wrote:
> After upgrading from RH9 to FC4 (and opting for selinux), I followed the Fedora instructions on enabling user directories again, setting up the se context and all that, but no good -- I still get the 403's.
> 
> I have a hunch it is due to the way I upgraded the system. Maybe some will say it's laziness, but I left /home as it was before (i.e. unformatted). As a result, I see that /home/xyz has no selinux label. Will that screw up apache? (The selinux faq for FC3 talks about potential trouble if you turn off selinux, create new files and then turn it back on.)
> 
> Is there a way to label all the unabled files? Then I could give all files in home the user_home_t label, and then relabel the userdir for httpd. chcon won't work on /home/xyz because it tells me the file is unlabeled.
> 
> Is there some other obvious trouble I might be in because I didn't let the installer write over /home?
> 
> tia
> 
> 

I think 'Walter Petrel wrote:
 > After upgrading from RH9 to FC4 (and opting for selinux), I followed 
the Fedora instructions on enabling user directories again, setting up 
the se context and all that, but no good -- I still get the 403's.
 >
 > I have a hunch it is due to the way I upgraded the system. Maybe some 
will say it's laziness, but I left /home as it was before (i.e. 
unformatted). As a result, I see that /home/xyz has no selinux label. 
Will that screw up apache? (The selinux faq for FC3 talks about 
potential trouble if you turn off selinux, create new files and then 
turn it back on.)
 >
 > Is there a way to label all the unabled files? Then I could give all 
files in home the user_home_t label, and then relabel the userdir for 
httpd. chcon won't work on /home/xyz because it tells me the file is 
unlabeled.
 >
 > Is there some other obvious trouble I might be in because I didn't 
let the installer write over /home?
 >
 > tia
 >
 >

I think what you're looking for might be
touch /.autorelabel  <as root>
Then reboot.


The trouble you might have (along with other things maybe) is the config 
files that are found in the ~/.kde directory (I don't use Gnome, but I 
would expect similar problems). If you rename the directory (.kde -> 
origkde) and let KDE recreate everything, you should be fine.

M

More information about the fedora-list mailing list