F12 beta, ldap authentication and NFS mounted home

Tim Fenn fenn at stanford.edu
Fri Oct 23 23:08:02 UTC 2009


On Thu, 22 Oct 2009 08:28:04 -0400
Daniel J Walsh <dwalsh at redhat.com> wrote:

> On 10/22/2009 02:16 AM, Jeroen van Meeuwen wrote:
> > On 10/22/2009 02:04 AM, Tim Fenn wrote:
> >> I upgraded a machine from F10 to F12 beta - it's a client machine
> >> that mounts /home over NFS and authenticates over LDAP (however,
> >> it's a Mac server that sets /home as /Volumes/Homes, which I have
> >> set up as a pointer to /home). use_nfs_home_dirs is on and I can
> >> log in via SSH or the console, but the graphical login fails when
> >> clicking "log in" with the following selinux error:
> >>
> >> SELinux is preventing /usr/libexec/ck-get-x11-server-pid "read"
> >> access on Homes.
> >>
> >> I've attached the full sealert, am I missing something
> >> obvious/simple?
> >>
> > 
> > FWIW, I had something similar with gdm-greeter, I think. I also had
> > a different problem[1] with gdm so I didn't give it much attention
> > at the time.
> > 
> I need to see the AVC in /var/log/audit/audit.log to make sure I know
> the reason.
> 

OK, I spent a bit more time on this today (sorry for the late response,
been busy with all these new operating systems this week!).  Upon
login, I get the audit_1.log (see attached), and upon firing up startx,
I get audit_2.log - it seems the link to /home is what's causing the
problem, audit2allow suggests

allow local_login_t default_t:lnk_file read;
allow consolekit_t default_t:lnk_file read;

but I'm not sure that's the "proper" solution - would it be better to
set /Volumes/Homes as the NFS mount and /home as a pointer to it?

-Tim

-- 
CAPS LOCK IS THE CRUISE CONTROL OF AWESOMNESS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit_1.log
Type: text/x-log
Size: 3408 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091023/79e7cf74/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit_2.log
Type: text/x-log
Size: 647 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091023/79e7cf74/attachment-0001.bin>
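
Both rules audit2allow proposed in the message above target default_t, the type a file gets when no file-context pattern matches its path. As an added example (not part of the original message, and using constructed log lines rather than the scrubbed attachments), this Python script groups AVC denials and flags the ones whose target type points at a labeling fix rather than a new allow rule; the set of types treated as unlabelled and the verdict names are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not the poster's attachments).
SAMPLE_LOG = """\
type=AVC msg=audit(1256339282.101:45): avc:  denied  { read } for  pid=2101 comm="login" name="Homes" dev=dm-0 ino=4711 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
type=AVC msg=audit(1256339300.202:51): avc:  denied  { read } for  pid=2188 comm="ck-get-x11-serv" name="Homes" dev=dm-0 ino=4711 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
type=AVC msg=audit(1256339301.303:52): avc:  denied  { search } for  pid=2190 comm="httpd" name="user1" dev=0:15 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1256339301.303:52): arch=c000003e syscall=2 success=no exit=-13
"""

PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption of this example: target types that indicate a missing or wrong label.
UNLABELLED_TYPES = {"default_t", "unlabeled_t", "file_t"}

def se_type(context):
    """Return the type field (third) of a user:role:type[:range] context."""
    return context.split(":")[2]

def triage(log_text):
    """Group AVC denials and flag those whose target type points at labeling."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = PERMS_RE.search(line)
        if not line.startswith("type=AVC") or not m:
            continue  # skip SYSCALL and other record types
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        key = (se_type(f["scontext"]), se_type(f["tcontext"]), f["tclass"], f.get("name", "?"))
        groups[key].update(m.group(1).split())
    findings = []
    for (src, tgt, tclass, name), perms in sorted(groups.items()):
        # An allow rule on an unlabelled type would cover every such object, so relabel instead.
        verdict = "relabel-target" if tgt in UNLABELLED_TYPES else "review-policy"
        findings.append((verdict, src, tgt, tclass, name, sorted(perms)))
    return findings

if __name__ == "__main__":
    for verdict, src, tgt, tclass, name, perms in triage(SAMPLE_LOG):
        print(f"{verdict:15} {src} -> {tgt}:{tclass} {{{' '.join(perms)}}} name={name}")
```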