SELinux issues
Colin Walters
walters at redhat.com
Mon Apr 19 19:25:57 UTC 2004
On Mon, 2004-04-19 at 14:21, jacob wrote:
> Some SELinux issues I've been experiencing when running in enforcing mode:
>
> * Only my own user processes show up in top/gnome-system-monitor/ps aux,
> no root or other users processes are visible.
That's expected.
> * /lib/modules is marked with '?--------- ? ? ? ? modules' for me as
> normal user, I can't even cd into it. Looks ok as root though.
That's also expected. The ??? is because user_t is denied getattr for
modules_object_t.
> * Normal user can't mount cdrom, only root can.
Do you have the "user" option in /etc/fstab and the user_can_mount
tunable enabled?
> * fam & nautilus are the ones spewing out the most avc messages in
> dmesg.
fam is known to be incompatible with SELinux. I'm working on a patch to
disable it if SELinux is enabled. What nautilus AVC messages are you
seeing? the /initrd one is a known issue, also on my queue of stuff to
fix.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040419/8dea3a8c/attachment.sig>
More information about the fedora-selinux-list
mailing list