selinux prob - can't log in via X/gdm
Daniel J Walsh
dwalsh at redhat.com
Sat Apr 3 06:30:58 UTC 2004
Niilo Kajander wrote:
>On Fri, 2004-04-02 at 08:57, J. Scott Farrow wrote:
>
>
>>Since my last round of yum updates on test2 last night, I'm completely
>>unable to log in via X, either as my normal user, or as root. I'm now
>>running kernel-2.6.4-1.300 and policy-1.9.2-1.
>>
>>
>
>If you can log in as root on console, try adding SELINUX=permissive to
>/etc/sysconfig/selinux. Don't worry if that file doesn't exist, as it
>didn't on my test box ("upgraded" from development version). After
>creating that file I rebooted and things started working normally.
>
>
>>I've tried reloading the policies as Daniel suggested earlier, and also
>>tried running fixfiles, but it doesn't seem to be having an effect. Gdm
>>still claims the home directory for both root and my normal login don't
>>exist. /var/log/messages is filled with avc:denied errors such as:
>>
>>Apr 1 18:19:48 pontifex kernel: audit(1080868788.135:0): avc: denied
>>{ getattr } for pid=1732 exe=/bin/bash path=/home/sfarrow dev=hde4
>>ino=32513 scontext=system_u:system_r:xdm_t
>>tcontext=system_u:object_r:user_home_dir_t tclass=dir
>>
>>I thought I had read that running 'fixfiles' was the approved way to
>>reset these types of issues. I definitely need to do more reading on
>>SElinux, as I'm obviously missing something. Any suggestions for a
>>quick fix would be appreciated.
>>
>>
You can temporarily turn off SELinux enforcing mode by
setenforce 0
setenforce 1 turns it back on.
So if SELinux gets in the way of you completing a task, for now turn it
off, do the task, grab the avc messages and report it back to us.
You can also use
audit2allow -l -i /var/log/messages to translate the denial messages
into selinux rules.
>>
>>
>
>
>
More information about the fedora-test-list
mailing list